1. Introduction

Traditional electronic data interchange (EDI) has been evolving for approximately 25 years and has truly 
become the paperless environment that is so often talked about. EDI is a complicated mixture of three 
disciplines: business, data processing, and data communications. This paper examines the concepts from the
perspectives of each discipline. 

Internet standards are excluded from the discussion of communications protocols, since the audience is
probably already familiar with SMTP, MIME, and other Internet messaging protocols. 

2. What is EDI? 

Since EDI is commonly defined as the direct computer-to-computer exchange of standard business forms, it 
clearly requires a business process. Because the key idea involved is the exchange of documents that allow a 
business application to take place without human intervention, data processing is clearly necessary for 
application processing. Data communication is then necessary for the exchange to take place. It is the marrying 
of these three disciplines that allows the "paperless trading" that comprises EDI technologies. 

Besides the three career disciplines that are internal to the organization, three other issues are important for EDI
trading to take place: standardization of formats, security, and value-added networks (VANs). 

2.1 Looking closer at EDI

EDI is commonly defined as the direct computer-to-computer exchange of standard business forms. The key 
idea involved is the exchange of documents that allow a business application to take place without human 
intervention. The ability to send business documents between machines simplifies and expedites the business 
process itself. Many businesses choose EDI as a fast, inexpensive, and safe method of sending purchase orders, 
requests for quotations, quotations, invoices, payments, and other frequently used business documents. 

Often today one will see the term electronic commerce/electronic data interchange (EC/EDI). This term has evolved from placing
EDI under the electronic commerce (EC) umbrella, EC being the broad view of electronic trading. EDI is defined as the
interprocess (computer application to computer application) communication of business information in a
standardized electronic form. EC includes EDI, but recognizes the need for interpersonal (human to human)
communications, the transfer of moneys, and the sharing of common databases as additional activities that aid
in the efficient conduct of business. By incorporating a wide range of technologies, EC is much broader than
EDI. However, the focus of this document is on EDI, not EC.


2.2 Comparing EDI and fax 

Similarities exist between EDI and fax in that both use telephone lines and both can travel from computer to
computer (Sawabini, 1995). There are distinct differences, however. Fax is primarily paper based and requires a
human interface. Fax receipts are not generally acceptable to applications. Fax machines accept nonstandard 
data formats, and anything that can be scanned can be faxed, whereas EDI requires standard message formats 
between trading partners. 

2.3 Comparing EDI and e-mail 

Similarities also exist between e-mail and EDI. Both travel from computer to computer and both use an 
electronic mailbox. However, three of the four differences listed for EDI vs. fax also apply to EDI vs. e-mail:
e-mail message format is not standard, e-mail requires human interface, and e-mail is not acceptable to
applications.

3. Data processing and EDI 

One of the technological fields required to implement EDI is data processing. Data processing allows the EDI 
operation to take information that is resident in a user application and transform that data into a format that is 
recognizable to all other user applications that have an interest in using the data. In the EDI environment, data 
processing will handle both outgoing and incoming data, as depicted in figure 1. 

Figure 1: Data Processing and EDI

The user-defined files in figure 1 are the flat files that are produced by a business application. These files may
or may not be formatted by the user. These are the business files that need to be translated into the X12 format. 


The translation software in figure 1 is the software that maps the elements of a user-defined file into the ANSI 
X12 or EDIFACT standard format. This software is available through commercial retailers on various platforms 
from PCs to mainframes. 

The mapping of the user-defined data elements into the translation software requires some skill in mapping. The
mapping itself requires knowledge of both the translation software and the EDI standards being used so new 
mapping and processing rules can be set up for the translator. If a new trading partner places no new 
requirements on the translator, the new trading partner is simply set up under existing mapping rules. However, 
when the trading partner requires that additional or different data fields be sent, a new mapping scheme needs to 
be identified and associated with that trading partner (Sokol, 1995). 
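
The per-partner mapping described above can be sketched as follows. This is an added example, not code from the paper: the flat-file layout, the partner IDs, the `MappingRule` structure and the sample record are constructed, and only the body of an X12 850 purchase order (ST through SE) is produced.

```python
"""Added example: map a user-defined flat-file record to an X12 850 body."""
from dataclasses import dataclass

ELEMENT_SEP = "*"    # element separator used in this example
SEGMENT_TERM = "~"   # segment terminator used in this example


@dataclass(frozen=True)
class MappingRule:
    """Mapping rules for one trading partner (hypothetical structure)."""
    product_id_qualifier: str      # PO106: VP = vendor part, BP = buyer part
    ref_fields: tuple = ()         # (flat-file field, REF01 qualifier) pairs


# Partners with no new requirements are set up under the existing rule.
DEFAULT_RULE = MappingRule(product_id_qualifier="VP")

# A partner that needs different or additional fields gets its own scheme.
PARTNER_RULES = {
    "SUPPLIERB": MappingRule(product_id_qualifier="BP",
                             ref_fields=(("contract_no", "CT"),)),
}

FIELD_NAMES = ("po_number", "po_date", "quantity", "uom", "unit_price",
               "part_no", "contract_no")

# Constructed sample record: 200 gallons of white latex paint.
SAMPLE_RECORD = "PO1001|19960115|200|GA|12.50|PAINT-WH-LATEX|C-7781"


def parse_flat_record(line: str) -> dict:
    """Parse one pipe-delimited record written by the business application."""
    values = line.rstrip("\n").split("|")
    if len(values) != len(FIELD_NAMES):
        raise ValueError(f"expected {len(FIELD_NAMES)} fields, got {len(values)}")
    return dict(zip(FIELD_NAMES, values))


def segment(*elements: str) -> str:
    """Build one segment; refuse data that contains a delimiter character,
    since it would change how the receiving translator splits the segment."""
    for element in elements:
        if ELEMENT_SEP in element or SEGMENT_TERM in element:
            raise ValueError(f"delimiter character in element {element!r}")
    trimmed = list(elements)
    while trimmed and trimmed[-1] == "":   # trailing empty elements are dropped
        trimmed.pop()
    return ELEMENT_SEP.join(trimmed) + SEGMENT_TERM


def translate(record: dict, partner_id: str, control_number: str) -> str:
    """Translate one record into an 850 transaction set for partner_id."""
    rule = PARTNER_RULES.get(partner_id, DEFAULT_RULE)
    segments = [
        segment("ST", "850", control_number),
        # BEG: 00 = original, SA = stand-alone order, PO number, (release), date
        segment("BEG", "00", "SA", record["po_number"], "", record["po_date"]),
    ]
    for field, qualifier in rule.ref_fields:
        if not record[field]:
            raise ValueError(f"{partner_id} requires field {field!r}")
        segments.append(segment("REF", qualifier, record[field]))
    segments.append(segment("PO1", "1", record["quantity"], record["uom"],
                            record["unit_price"], "",
                            rule.product_id_qualifier, record["part_no"]))
    segments.append(segment("CTT", "1"))   # one line item
    # SE01 counts every segment from ST to SE inclusive.
    segments.append(segment("SE", str(len(segments) + 1), control_number))
    return "".join(segments)


if __name__ == "__main__":
    rec = parse_flat_record(SAMPLE_RECORD)
    for partner in ("SUPPLIERA", "SUPPLIERB"):
        print(partner, translate(rec, partner, "0001"))
```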

4. Data Communications and EDI 

The other technological field that is heavily involved in EDI implementation is data communications. Once the
standards have been employed and the required software is in place, the EDI participant still needs to have the 
ability to communicate with remote trading partners to take advantage of EDI. 

4.1 Transport mechanisms move the data 

Data must be transported across telecommunications lines in order for the trading partners to trade information. 
Following are some basic concepts that describe mechanisms and methods used in this transport of data: 

Direct connect is the term used to indicate that two EDI trading partners trade information directly to each other 
without a third-party connection service. Direct connects are normally used by large corporations for 
intracompany EDI transactions and for intercompany transactions with trading partners that have established 
high-volume rates of exchange of EDI data. 

Modems are heavily used by EDI practitioners today. Modem-to-modem connections provide a level of security 
and reliability that long-time practitioners are reluctant to give up. The standard in the industry, as this paper is 
written, is transmission by binary synchronous modem or "bisync." This method allows for high-speed 
continuous transmission in which the sending and receiving modems are controlled by clock pulses. The clock 
pulses regulate the rate and timing of the data flow. 

Routers, although not the primary transport mechanism for EDI transactions today, have the potential to become 
the de facto standard of transmission for high-volume traffic. Currently, routers are used mainly over leased 
lines, requiring expensive setups and ongoing data communications transport costs.

4.2 Communications protocols standardize the data formats 

EDI transactions can be passed between trading partners using standard transmission protocols. Graphic images, 
charts, and diagrams must be transmitted using protocols that allow the transfer of binary data. Some of these 
common standards are SMTP, MIME, X.400, X.435, and X.500. Internet Protocols are excluded from this 
discussion as the audience is already very familiar with them. 

X.400 is an electronic messaging standard that was developed by the Consultative Committee on International 
Telegraph and Telephone, which is tasked with developing standards to enable incompatible networks and 
computer systems to exchange data. In this standard, an X.400 header precedes the message itself. The header 
allows the sender of the message to specify information relating to the transmission and delivery and notice 
requests. 

The architecture of the X.400 standard calls for an outer envelope that is application independent and is used to
route the message. Within the outer envelope lies the content header, again application independent, which is 
used to deliver the message to the recipient. A message transfer agent (MTA) receives the message, discards the 
outer envelope, and then reads the header to determine the recipient. The message itself is composed of body 
parts, each body part being an application-specific message. 


X.435 is a standard that further enhances the X.400 standard to make it deal more effectively with EDI 
transmission requirements. X.435 is the specification for the EDI body part that attaches to the X.400 message. 

X.500 is an addressing directory containing the names and characteristics of electronic messaging receivers. 
X.500 facilitates the delivery of X.400 messages, including those that include the X.435 standard. The idea is 
the production of a global electronic directory and a guide to associated databases so the user can find an e-mail 
address if it is needed and not known. 

5. The business process and EDI 

Any business application that can be improved through paperless trading in a fast, efficient environment is a 
good candidate for EDI. EDI is currently widely used by the airline industry, banking industry, credit card 
industry, and auto industry. The current push in the EDI world comes from companies who wish to trade with 
each other electronically—buyers and their suppliers—hence the term "trading partners." 

5.1 Applications of EDI 

The business process examined here to which to apply EDI concepts is the procurement process. This business 
process was chosen for two reasons. First, within industry itself, new EDI technology is developing fastest in 
this area. Second, the President has issued an initiative to streamline government procurement through the use
of EC. Since the initiative was announced in October 1993, the thrust within the government has been to
implement the initiative using EDI technologies. These factors make the procurement process the most relevant
business process to examine at this time.

5.2 A typical small purchasing application 

The business application depicted in figure 2 is a simple purchasing application. 

Figure 2: Business Application and EDI

As shown in figure 2, the procurement process normally begins with the buyer being made aware of a need
within the organization to make a purchase. As soon as a need is established and precisely described, the buyer 
begins the process of selecting the supplier that will be used. Routine items may be purchased using suppliers 
that have already been contracted with. New items or high-value items may require investigation by the buyer in 
selecting an appropriate supplier. 

The buyer will select a preliminary group of suppliers and then employ the methods of competitive bidding, 
negotiation, or a combination of the two to secure the final supplier. When competitive bidding is used, the 
buyer issues an RFQ to the suppliers that the buyer might be willing to do business with. Typically, the RFQ 
will contain the same basic information that will be included on the purchase order. 

When a supplier receives an RFQ that the supplier has an interest in bidding on, the supplier issues a quotation 
to the buyer. The quotation will contain pricing information so the buyer can do a price comparison between the 
suppliers. For instance, an RFQ might be issued for 200 gallons of white, latex-based paint. The supplier who is 
issuing a quotation may quote a price of $xxx.xx. 

Once a supplier has been selected, the purchasing department issues a serially numbered purchase order. The 
purchase order itself becomes a legally binding contract. For this reason the buyer will carefully prepare the 
purchase order and ensure that the wording is precise and specific. Any drawings, diagrams, or related 
documentation that is necessary to precisely describe the item being purchased will be incorporated or 
referenced in the purchase order. Additionally any conditions or sampling plans will be stated precisely. 

Normally a list of terms and conditions designed to give legal protection to the buyer on various matters 
prescribed by law are incorporated in, or attached to, all purchase orders as boilerplate to those orders. These 
boilerplate terms and conditions cover a wide range of concerns, including contract acceptance, delivery
performance and contract termination, shipment rejections, assignment and contracting of the order, patent
rights and infringements, warranties, compliance with regulations, and invoicing and payment procedures. 

Change orders are required when a company makes a change in the contract after a purchase order has been 
issued. The buyer will issue the change order and, when accepted by the supplier, the change order either 
supplements or replaces the original purchase order. 

The original copy of the purchase order constitutes a legal offer to buy. The purchase contract then comes into 
existence when the contract is performed or when formal acknowledgment of acceptance of the offer is made. 

Normal business methods suggest that the supplier may not bother to acknowledge the offer if the items are 
immediately shipped to the buyer. When the items are not immediately shipped, then the supplier should send 
the acknowledgment back to the buyer. 

The supplier may acknowledge the buyer's order accepting the buyer's terms and conditions, or may 
acknowledge and incorporate the supplier's own terms and conditions in the acknowledgment. If the seller's 
terms are different than the buyer's, the law allows them to be incorporated into the contract as long as they do 
not alter the buyer's intent or unless the buyer files a written objection to the inclusion of new terms and 
conditions. In general, terms and conditions that are in conflict between buyer and seller are excluded from the 
contract, leaving the settlement to negotiation or suit. For this reason it is imperative that the buyer beware of 
the terms and conditions in the order acceptance. 

6. Marriage of the three disciplines

EDI involves three very different and distinct disciplines. First, there has to be a business process. If the
business process would be improved by being accomplished more quickly and with increased efficiency, then
the business process is a candidate for EDI. The business process is the domain of the business functional area.
Second, once the business process has been identified, data processing technologies have to be applied to the
business process so that the process can be handled using computers. Some type of standard must come into
play in the automation process so that paper documents that are the output of the business process can be put
into a format that is interchangeable between computers. The automation of the business process is the domain
of the data processing discipline. Third, the standardized business form must be transmitted from and received
by computers, using data communications technologies. The data communications aspect of EDI is the domain
of the data communications discipline.

The marriage of these disciplines allows for the "paperless trading" that comprises EDI technologies. As EDI 
technologies evolve, the terminology changes. 

6.1 Paper document flow

The traditional document flow for purchasing transactions starts with data entry by the purchaser to create a
paper document to send by mail to trading partners. Once the trading partners receive the data, they keystroke
the information received into a local application and then perform more data entry by entering a response into a
local application. The resultant paper document is then mailed to the purchaser.

The procedure is both time consuming and labor intensive because data from both trading partners has to be 
entered twice, once at the point of creation and once at the point of entry to the foreign system. In addition, the 
originator must await a paper response sent by mail. 

6.2 EDI flow 

EDI data is keyed in only one time, at the original point of entry. The data is then translated into a standard format
electronically and sent to the trading partner electronically. At the receiving end, the data fields are mapped into 
local applications, and the only data entry required is for new data that may be needed to respond to the data 
received. 

Time for transmission is also very fast in comparison to postal mail. Even on a slow modem connection, the 
time is considerably shorter than through the postal service. 

7. Standards 

Although communications and document standards are both critical, document standards are the heart of EDI
(Kimberly, 1991). 

7.1 The role of standards 


Standards are a necessary part of EDI. Every business has application files that are used to manipulate their data 
in ways that are familiar to the business. The problem is that most businesses, though using the same types of 
data, do not use the same application programs or hardware and software platforms. If businesses are to be able
to communicate their data to one another, they must have a common ground to meet on to allow the exchange
of the information. Standards are the solutions to this problem. All businesses that conform to specific standards
can share data in the formats delineated by those standards. 

7.2 ANSI ASC X12

The American National Standards Institute's Accredited Standards Committee X12 (ANSI ASC X12) is the 
accepted standard for EDI transactions in the United States. The ANSI ASC X12 committee has the mandate to 
develop variable-length data formats for standard business transactions. The committee was accredited in 1980, 
and the X12 standard has been evolving ever since. One of the requirements placed on the committee was and is
to keep the standard open to interindustry applications. This requirement makes the standard more complex than 
an industry-specific standard, but the advantages easily overcome the disadvantage of complexity. 

With a single standard, a business has multiple functionality and only has to use one standard for each business 
function. 

7.3 EDIFACT 

The International Standards Organization (ISO), an organization within the United Nations, has developed the 
EDI standard that is used in Europe. The Electronic Document Interchange for Administration, Commerce, and 
Transportation (EDIFACT) is the UN standard that the whole world has agreed to eventually adopt. The actual 
implementation of EDIFACT within the U.S. has been moving at a snail's pace. The standard appears to 
currently be taking the same route that metric standards have taken. Everyone agrees that EDIFACT is the 
international standard, but tried and true X12 standards are not abandoned in favor of EDIFACT.

7.4 Other document standards 

Other document standards are in existence, most notably HL7, which is used by the hospital systems and is 
ANSI approved. 

8. Security 

One of the major roles that is provided by the data communications technology is the ability to apply security to
EDI transactions so that the transactions will not be tampered with or observed, depending on the level of 
security needed. The security modules that are discussed in this section are depicted in figure 3. 

Figure 3: Data Communications Security

8.1 Confidentiality

Confidentiality requires that all communications between parties are restricted to the parties involved in the
transaction. This confidentiality is an essential component in user privacy, as well as in protection of proprietary
information and as a deterrent to theft of information services. Confidentiality is concerned with the
unauthorized viewing of confidential or proprietary data that one or both of the trading partners does not want 
known by others. Confidentiality is provided by encryption. 

Encryption is the scrambling of data so that it is indecipherable to anyone except the intended recipient.

Encryption prevents snoopers, hackers, and other prying eyes from viewing data that is transmitted over 
telecommunications channels. There are two basic encryption schemes, private-key and public-key encryption. 
Encryption, in general, is cumbersome and expensive. 


Private-key encryption requires that both sending and receiving parties have the same private-encryption keys. 
The sender encrypts the data using his key. The receiver then decrypts the message using his identical key. 

There are several disadvantages to private-key encryption. In order to remain secure, the keys must be changed
periodically and the users must be in synch as to the actual keys being used. 

Public-key encryption is gaining widespread acceptance as the preferred encryption technology. With public-key
encryption, a message recipient generates a matched set of keys, one public key and one private key. The
recipient broadcasts the public key to all senders or to a public location where the key can be easily retrieved.
Any sender who needs to send the receiver an encrypted message uses the recipient's public key to encrypt the
message. The private key, which is held in private by the recipient, is the only key that can decipher messages
encrypted with the matched public key. This schema requires that the private key cannot be generated from the 
public key. 

Public key technology is the direction encryption technology is currently headed. With the advent of X.500, 
databases will be built to store public keys and enhance the technology significantly. 

8.2 Authentication 

Both parties should feel comfortable that they are communicating with the party with whom they think they are 
doing business. A normal means of providing authentication is through the use of passwords. 

The latest technology to provide authentication is through the use of digital certificates that function much like 
ID cards. The digital certificate has multiple functions, including browser authentication. 

8.3 Data Integrity 

Data sent as part of a transaction should not be modifiable in transit. Similarly, it should not be possible to 
modify data in storage. Data integrity is a guarantee that what was sent by the sender is actually what is 
received by the receiver. This is necessary if there is a need to ensure that the data has not been changed either 
inadvertently or maliciously. However, authentication schemes do not hide data from prying eyes. 

Providing data integrity is generally cumbersome and not used unless one of the trading partners requires it. The 
normal mechanism for acquiring data integrity is for the sender to run an algorithm against the data that is being 
transmitted and to transmit the result of the algorithm separately from the transmission. Upon receipt of the 
transmission, the receiver runs the identical algorithm and then compares the results. If the results are identical, 
then data has not been modified. 
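
The compare-the-results check described above, as an added example that is not part of the original paper. The paper names no algorithm; SHA-256 and HMAC-SHA-256 are this example's choices, and the transaction and key are constructed. It also shows the caveat that an unkeyed result protects the data only as far as the separate channel carrying it is trusted.

```python
"""Added example: sender/receiver integrity check over an EDI transaction."""
import hashlib
import hmac

# Constructed sample transaction set (not taken from the paper).
ORIGINAL = (b"ST*850*0001~BEG*00*SA*PO1001**19960115~"
            b"PO1*1*200*GA*12.50**VP*PAINT-WH-LATEX~CTT*1~SE*5*0001~")

# Constructed key that both trading partners are assumed to hold.
SHARED_KEY = b"constructed-demo-key-agreed-out-of-band"


def plain_digest(data: bytes) -> str:
    """Unkeyed result: anyone who has the data can compute it."""
    return hashlib.sha256(data).hexdigest()


def keyed_tag(data: bytes, key: bytes) -> str:
    """Keyed result: computing a valid value requires the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def accepts_digest(received: bytes, digest_received: str) -> bool:
    """Receiver side: rerun the identical algorithm and compare the results."""
    return hmac.compare_digest(plain_digest(received), digest_received)


def accepts_tag(received: bytes, tag_received: str, key: bytes) -> bool:
    """Receiver side for the keyed variant (constant-time comparison)."""
    return hmac.compare_digest(keyed_tag(received, key), tag_received)


def run_scenarios() -> dict:
    """Return, per scenario, whether the receiver accepts the data."""
    altered = ORIGINAL.replace(b"*200*", b"*900*")   # quantity changed
    return {
        # Data and result both arrive as sent.
        "unchanged": accepts_digest(ORIGINAL, plain_digest(ORIGINAL)),
        # Data changed in transit, separately sent result intact: detected.
        "data_altered": accepts_digest(altered, plain_digest(ORIGINAL)),
        # Data AND the separately sent result replaced: an unkeyed digest
        # can be recomputed by anyone, so the comparison still succeeds.
        "data_and_digest_replaced": accepts_digest(altered,
                                                   plain_digest(altered)),
        # Keyed variant, unchanged data.
        "keyed_unchanged": accepts_tag(ORIGINAL,
                                       keyed_tag(ORIGINAL, SHARED_KEY),
                                       SHARED_KEY),
        # Keyed variant, both replaced by a party without the shared key.
        "keyed_data_and_tag_replaced": accepts_tag(
            altered, keyed_tag(altered, b"not-the-shared-key"), SHARED_KEY),
    }


# Both partners hold SHARED_KEY, so a valid tag shows the data came from one
# of them but cannot show a third party which one; that is the gap digital
# signatures (section 8.4) are meant to close.

if __name__ == "__main__":
    for name, accepted in run_scenarios().items():
        print(f"{name:30s} accepted={accepted}")
```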

8.4 Nonrepudiation 

Neither party should be able to deny having participated in a transaction after the fact. The current technology
ensures this through the use of digital signatures. 

Electronic signatures are the computerized version of the signature function. Signatures are needed in some 
business applications for authorization purposes. For example, a contracting officer may have a specified 
spending limit, say $25,000. If that contracting officer decides to place an order for $30,000, the seller may not 
have the authority to fill the order because the signature of the contracting officer's supervisor is needed on all 
orders over $25,000. The authorization limits normally will have been agreed upon through a trading partner 
agreement. 

A digital signature algorithm can be used to generate digital signatures. The digital signature itself is used to
detect unauthorized modification to data and to authenticate the identity of the signatory. The digital signature is
also useful to the recipient as a nonrepudiation device whereby the recipient can prove to a third party that the
signature was in fact generated by the signatory. Thus the signatory cannot repudiate the signature at a later
date. 


9. Value-added networks 

As seen in the previous discussions, setting up to use EDI involves considerable expense. For small businesses
and businesses that do low volumes between each other, the cost is not always worth the efficiencies achieved.
Commercial value-added networks (VANs) make the burdens of the communications complexities easy by
offering their communications services to prospective EDI users (Bort and Bielfeldt, 1996).

9.1 Connectivity 

VANs establish communications paths between their customers and with other VANs. By using these services a
business does not have to worry about the myriad of communications complexities from having trading partners
using different hardware, software, and transport mechanisms. The typical buyer-VAN-seller connection is
depicted in figure 4.

Figure 4: Value-Added Network Connection

Likewise, EDI software is not inexpensive. A business with an X12 translator still needs personnel on board 
that understand X12 and can use the software effectively. Value-added services offer the traditional VAN 
services and add to that the translation services required to create an X12 file. These services allow the typical 
business to enter the EDI arena at minimal cost and maximum efficiency. 

9.2 Delivery

Mailbox software is the most important feature offered by VANs. The electronic mailbox is used for both
store-and-retrieve and store-and-forward operations. In both cases, the sender of the EDI message transmits the
electronic message to the VAN on its own time schedule. The VAN then acts on the message depending on
whether the service is store-and-retrieve or store-and-forward. 

Store-and-retrieve service allows the VAN to store the message in the receiver's mailbox. The receiver then
retrieves its messages based upon the needs and schedules of the receiver. This service enables the sender and 
receiver to communicate, but at different times of the day, instead of simultaneously. 

Store-and-forward service allows the VAN to forward messages to the receiver when the business need is not 
for immediate or event-driven notification. Event-driven mailbox services can be handled by forwarding of the
message to the receiver or by immediate notification from the VAN to the receiver that a message has been 
stored that meets the prearranged criteria for event-driven notification. 

9.3 Security 

Generally, a VAN provides security at several levels for its mailbox customers. Access control is normally 
provided by a login and password sequence. 

Messages are screened for the individual customer to ensure that they were sent by authorized trading partners 
of the customer. This service also checks for message types and formats, and ensures they are acceptable to the 
customer. 
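
One way such screening could work for X12 traffic, as an added example (not a description of any VAN's actual software). The policy layout, partner IDs and sample interchange are constructed; the check reads the sender and receiver from the fixed-length ISA header and the message types from the ST segments.

```python
"""Added example: screen an inbound X12 interchange before mailbox delivery."""
from dataclasses import dataclass


class ScreeningError(ValueError):
    """Raised when an interchange must not be delivered to the mailbox."""


@dataclass(frozen=True)
class MailboxPolicy:
    """Hypothetical per-customer screening policy."""
    owner_id: str   # interchange ID of the mailbox customer
    allowed: dict   # sender ID -> set of acceptable transaction set IDs


def split_interchange(raw: str) -> list:
    """Split a raw interchange into segments, each a list of elements.

    The ISA header has a fixed length (106 characters with its terminator),
    so both delimiters are read from known positions rather than guessed.
    """
    if len(raw) < 106 or not raw.startswith("ISA"):
        raise ScreeningError("not an X12 interchange (missing ISA header)")
    element_sep, segment_term = raw[3], raw[105]
    if len(raw[:105].split(element_sep)) != 17:
        raise ScreeningError("malformed ISA header")
    return [s.strip().split(element_sep)
            for s in raw.split(segment_term) if s.strip()]


def screen(raw: str, policy: MailboxPolicy) -> list:
    """Return the transaction set IDs accepted for delivery, or raise."""
    segments = split_interchange(raw)
    isa, last = segments[0], segments[-1]
    sender, receiver = isa[6].strip(), isa[8].strip()   # ISA06 and ISA08
    if receiver != policy.owner_id:
        raise ScreeningError(f"addressed to {receiver!r}, not this mailbox")
    if sender not in policy.allowed:
        raise ScreeningError(f"{sender!r} is not an authorized trading partner")
    # The trailer must exist and repeat the header's control number (ISA13).
    if last[0] != "IEA" or len(last) < 3 or last[2] != isa[13]:
        raise ScreeningError("interchange trailer missing or control mismatch")
    types = [seg[1] for seg in segments if seg[0] == "ST" and len(seg) > 1]
    if not types:
        raise ScreeningError("no transaction sets in interchange")
    rejected = [t for t in types if t not in policy.allowed[sender]]
    if rejected:
        raise ScreeningError(f"message types not accepted: {rejected}")
    return types


def build_sample(sender: str, receiver: str, tx_type: str,
                 control: str = "000000001") -> str:
    """Construct a minimal sample interchange (body segments omitted)."""
    isa = "*".join(["ISA", "00", " " * 10, "00", " " * 10,
                    "ZZ", sender.ljust(15), "ZZ", receiver.ljust(15),
                    "960115", "1200", "U", "00401", control, "0", "T", ":"])
    group_code = {"810": "IN", "850": "PO"}[tx_type]
    parts = [isa,
             f"GS*{group_code}*{sender}*{receiver}*19960115*1200*1*X*004010",
             f"ST*{tx_type}*0001",
             "SE*2*0001",
             "GE*1*1",
             f"IEA*1*{control}"]
    return "~".join(parts) + "~"


# Constructed policy: the buyer accepts only invoices (810) from SUPPLIERA.
BUYER_POLICY = MailboxPolicy("BUYERCO", {"SUPPLIERA": frozenset({"810"})})

if __name__ == "__main__":
    for sender, tx in (("SUPPLIERA", "810"), ("SUPPLIERA", "850"),
                       ("UNKNOWNCO", "810")):
        try:
            print(sender, tx, "->", screen(build_sample(sender, "BUYERCO", tx),
                                           BUYER_POLICY))
        except ScreeningError as exc:
            print(sender, tx, "-> rejected:", exc)
```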

Some VANs offer cryptography services. The cryptography is used to authenticate and encrypt messages to 
ensure confidentiality. This service requires that the encryption be done at the customer site to be of any real 
value. 

9.4 Audit and control 

One of the features a VAN can offer a customer is a usage accounting data option whereby the VAN reports 
how much traffic comes to the customer in a given time period. Transmission status reports to clarify status of 
an individual transaction are also available (Canis, 1995). 

Many trading partners require acknowledgment for transactions received, and VANs can provide automatic
sending of acknowledgments. The VAN can also track the transaction traffic. If specific transactions need to be 
tracked, the VAN can provide an audit trail of the requested data. 

9.5 Value-added services 

In the typical EDI implementation, both sender and receiver employ the services of a VAN because it eliminates 
the need to support different communications configurations between themselves and their trading partners.
Using VANs also reduces the cost of communications equipment and staff to support the multiple
configurations. 

Still, not all trading partners will use the same VANs. This is not an issue because VANs interconnect regularly
with each other. The standard VAN interconnection is through bisynchronous modem connections. 

Most VANs offer translation services so that customers do not have the need to purchase or maintain translation 
software. Normally if these services are used, the customer will supply the formats for the data and the VAN 
will map the data itself. 

VANs have the capability to respond to presence of data and can fax or e-mail a notification to the customer if 
data is in the customer's mailbox. 

10. Effects and level of automation 

The benefits associated with EDI often cause overblown expectations. EDI, in and of itself, is just another way 
to format and transfer data. The real use of EDI and the amount of value to be gained from its implementation 
depend upon whether or not EDI is integrated into the overall data processing effort of the organization. 

The effects of EDI depend greatly on the level of automation within an organization. If the organization is only 
using EDI to send data in a format required by a trading partner, the effect is much more limited than if EDI is 
integrated into the back-end processes of the organization. EDI applications that are fed by back-end processes 
and the databases that support these processes and then, in turn, feed the EDI data received back into the
databases and back-end processes have a huge impact on the total level of automation within the organization. 

The well-known list of EDI-related benefits—lower costs, higher productivity, and reduced order-cycle times—is 
attainable. But if the automation level of the organization is not high and is not integrated, the effects of EDI 
will be lessened considerably. 

11. Conclusions and future of EDI 

EDI is well established as effective technology for reducing costs and increasing efficiency. EDI technologies
are approximately the same age as Internet technologies. In the past, the technologies have been mutually 
exclusive, but this is rapidly changing. As the two technological communities begin to merge and as the 
business community sees the advantages of this merger, EDI and the Internet will eventually become 
ubiquitous. 

EDI users are already seeing dramatic cost savings by moving their traffic from the traditional VAN services to 
the Internet. As EDI working groups within the Internet Engineering Task Force create interoperability 
standards for the use of EDI over the Internet and as security issues are addressed, EDI over the Internet will be 
part of normal business. The EDI working group already has a charter for an interoperability standard for 
process-to-process EDI. Once that standard is in place, real-time EDI over the Internet will replace normal
time-delayed, batch-style interactions.

Commerce


• Commerce is a division of trade or production 
which deals with the exchange of goods and 
services from producer to final consumer 



E-COMMERCE 


• It is commonly known as electronic marketing. 

• It consists of buying and selling goods and
services over an electronic system such as the 
internet. 

• E-commerce is the purchasing, selling & 
exchanging goods and services over computer 
network or internet through which transactions or 
terms of sale are performed electronically. 



The process of E-commerce 














Traditional Commerce 
vs. E-Commerce 

• Similarities 

• Both aim to deliver a valued product or service 

• Both want to serve a large audience 

• Both strive to quickly deliver products and services 

• Differences 

• customers expect shorter fulfillment time 

• customers must understand Web-based technologies 

• E-commerce provides a global audience 

• E-commerce orders are processed without human interaction or 
travel to a store location 

• E-commerce relies upon encryption for security 



Traditional Commerce 
vs. E-Commerce 

• Direct Interaction 

• based around face to face interaction 

• Lower Costs 

• E-Commerce is usually much cheaper than 
maintaining a physical store 

• Reach 

• restricted to people 

• Returns Rate 

• restricted to people 

• Credit Card Fraud 



In E-commerce 


• Everything is digital. 

• Less overhead costs 

• Elimination of the middleman (disintermediation) 

• Financial transactions on the internet can actually 
be more secure than in traditional retail 
environments. 

• Speed. 

• Customer Empowerment 

• Personalization. 



ADVANTAGES OF E-COMMERCE 


• Faster buying/selling procedure, as well as easy to 
find products. 

• Buying/selling 24/7. 

• More reach to customers; there are no theoretical 
geographic limitations. 

• Low operational costs and better quality of services. 

• No need of physical company set-ups. 

• Easy to start and manage a business. 

• Customers can easily select products from different 
providers without moving around physically. 


Advantages of E-Commerce 


• Being able to conduct business 
24x7 

• Reduce cost to buyers 

• Reduced cost to the suppliers 

• Create new markets 

• Easy market entry 

• Increase in variety of goods 

• Reduce inventories 

• No Middlemen 

• E-Payment system 

• Ensure secrecy 

• Computer platform 


• Improved and better customer 
service 

• Teamwork 

• Information sharing with the 
customers 

• Customized products 

• Swapping of goods and services 

• Information sharing 

• Global reach 

• Advertising of goods and 
services 

• Higher profits 


DISADVANTAGES OF E-COMMERCE 

• Unable to examine products personally 

• Not everyone is connected to the Internet 

• There is the possibility of credit card number theft 

• Mechanical failures can cause unpredictable 
effects on the total processes. 


e-Commerce Applications 


• Supply Chain Management 

• Remote banking 

• Online Marketing and Advertising 

• Home shopping 

• Video on demand 


Supply Chain management 


• A supply chain is a network of facilities and 
distribution options that performs the functions of 
procurement of materials, transformation of these 
materials into intermediate and finished 
products, and the distribution of these finished 
products to customers 

• There are 4 major decision areas in SCM 

• Location 

• Production 

• Inventory 

• Transportation (Distribution) 




■ Procurement refers to the overall process of acquiring a product or 
service. Depending on the circumstances, it may include some or all 
of the following: 

♦ Identifying a need, 

♦ Specifying the requirements to fulfill the need, 

♦ Identifying potential suppliers, 

♦ Soliciting bids and proposals, 

♦ Evaluating bids and proposals, 

♦ Awarding contracts or purchase orders, 

♦ Tracking progress and ensuring compliance, 

♦ Taking delivery, 

♦ Inspecting and inventorying the deliverable, and 

♦ Paying the supplier. 








Online Advertising 



■ Term referring to the Internet and e-mail based aspects of a 
marketing campaign, such as banner ads, e-mail marketing, 
search engine optimization, Pay-Per-Click, and other tools. Also 
referred to as "Online Advertising." 



THE REVERSE AUCTION PROCESS 

[Figure: the reverse auction process; axes: Cost, Time] 








































Remote Banking 


• E-banking includes familiar and relatively mature 
electronically based products in developing 
markets, such as telephone banking, credit card, 
ATM 


■ E-banking includes familiar and relatively mature electronically- 
based products in developing markets, such as telephone banking, 
credit cards, ATMs, Internet banking and direct deposit. It also 
includes electronic bill payments and products mostly in the 
developing stage, including stored-value cards (e.g., smart 
cards/smart money) and Internet-based stored value products. 

Among the products offered are: 

□ Fund transfer and payment systems; 

□ Integrated B2B e-commerce product, involving product selection, 
purchase order, invoice generation and payment; 

□ Securities placement and underwriting and capital market activities; 

□ Securities trading; and 

□ Retail banking. 




■ Electronic publishing includes the publication of newsletters, 
online magazines and databases, brochures and other 
promotional materials, ebooks, and the like, making information 
available for use over computer networks. 

Among the benefits of using online media are: 

* Low-cost 

* Universal access 

* The independence of time and place and 

* Ease of distribution. 


E-COMMERCE FRAMEWORK 


Electronic Commerce Applications 

• Supply Chain Management 
• Online Marketing and Advertising 
• Procurement & Purchasing 
• Online Shopping 
• Audio and Video on Demand 
• Online Financial Transaction 
• Entertainment and Gaming 
• Education and Research 


Common Business Services Infrastructure 
(Security/Authentication, Electronic Payment, Directories/Catalogs) 


Multimedia Content & Network Publishing Infrastructure 
(Digital Video, Electronic Books, World Wide Web) 


Messaging & Information Distribution Infrastructure 
(EDI, E-Mail, HyperText Transfer Protocol) 


Information Superhighway Infrastructure 
(Telecom, Cable TV, Wireless, Internet) 
1. Network Infrastructure 


• “INFORMATION SUPERHIGHWAY” (I-Way) is the path 
through which actual information flows and moves 
between sender and receiver. 

• It consists of telecommunication companies 

• Cable TV: provide coaxial cables and direct 
broadcast satellite networks. 

• Wireless companies: provide mobile radio and 
satellite networks. 

• Computer networks include private networks and 
public data networks like the Internet. 

• They are connected with routers, switches, bridges, 
gateways, etc., which are devices to connect similar 

2. Multimedia Contents And 
Network Publishing 

• The Information Superhighway is the 
transportation foundation that enables the 
transmission of content. 

• The web allows small businesses and individuals 
to develop content in the form of HTML and 
publish it on a web server. 

• The web provides a means to create product 
information (content) and a means to publish it in 
a distribution center (network server). 


3. Messaging And Information 
Distribution Infrastructure 

• The information content transferred over the 
network consists of text, numbers, pictures, audio 
and video. 

• Once content has been created and stored on a 
server, messaging and information distribution 
methods carry that content across the network. 

• The messaging vehicle is called middleware software. 

• Messaging and information distribution include 
translators that interpret and transform data 
formats. 


4. Common Business Services 
Infrastructure 

• Facilitates online buying and selling processes. 

• The buyer sends an electronic payment as well 
as some remittance information to the seller. 

• Settlement occurs when the payment and 
remittance information are authenticated by the 
seller and accepted as valid. 

• The payment services infrastructure needs to 
develop encryption and authentication methods 
that ensure security of contents traveling on the 
network. 
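
The settlement step above, in which the seller authenticates the payment and remittance information before accepting it as valid, as an added example that is not part of the original slides. It uses an HMAC over the message plus freshness and replay checks; the shared key, the field names and the five-minute window are assumptions made for this illustration.

```python
import copy
import hashlib
import hmac
import json

# Assumption: buyer and seller agreed on this secret out of band (constructed value).
SHARED_KEY = b"constructed-demo-key"
MAX_SKEW_SECONDS = 300  # assumed freshness window

# Constructed sample payment with its remittance details.
PAYMENT = {
    "invoice": "INV-1001",
    "payer": "buyer-42",
    "amount_cents": 12500,
    "currency": "USD",
    "timestamp": 1700000000,
    "nonce": "n-0001",
}


def canonical(body):
    """Serialize deterministically so both parties authenticate identical bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_remittance(body, key=SHARED_KEY):
    """Buyer side: attach an HMAC-SHA256 tag to the payment message."""
    tag = hmac.new(key, canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "mac": tag}


class Seller:
    """Seller side: settle only messages that are authentic, fresh and unseen."""

    def __init__(self, key=SHARED_KEY):
        self.key = key
        self.seen_nonces = set()  # a real service would expire old entries

    def settle(self, envelope, now):
        body, mac = envelope.get("body"), envelope.get("mac")
        if not isinstance(body, dict) or not isinstance(mac, str):
            return "rejected: malformed"
        expected = hmac.new(self.key, canonical(body), hashlib.sha256).hexdigest()
        # Constant-time comparison on bytes: no timing leak, no non-ASCII error.
        if not hmac.compare_digest(expected.encode(), mac.encode("utf-8", "replace")):
            return "rejected: bad mac"
        timestamp = body.get("timestamp")
        if not isinstance(timestamp, int) or abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "rejected: stale"
        nonce = body.get("nonce")
        if not isinstance(nonce, str) or nonce in self.seen_nonces:
            return "rejected: replay"
        self.seen_nonces.add(nonce)
        return "accepted"


def demo():
    """Run four constructed cases through one seller and return the outcomes."""
    seller = Seller()
    t0 = PAYMENT["timestamp"]
    envelope = sign_remittance(PAYMENT)
    results = [seller.settle(envelope, now=t0 + 10)]

    # Amount altered in transit: the tag no longer matches the body.
    tampered = copy.deepcopy(envelope)
    tampered["body"]["amount_cents"] = 1
    results.append(seller.settle(tampered, now=t0 + 20))

    # Same valid message delivered twice: the nonce was already used.
    results.append(seller.settle(envelope, now=t0 + 30))

    # Validly signed message that arrives an hour late.
    late = sign_remittance({**PAYMENT, "nonce": "n-0002"})
    results.append(seller.settle(late, now=t0 + 3600))
    return results


if __name__ == "__main__":
    print(demo())
```

A shared-key MAC gives the seller authentication and integrity only; it cannot prove to a third party which side produced the message, which is why non-repudiation needs digital signatures instead.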


5. Public Policy And Technical 
Standards 

• Public Policy And Technical Standards are two 
support pillars for all e-commerce applications and 
infrastructure. 

• Public policy related to e-commerce encompasses 
such issues as universal access, privacy and 
information pricing. 

• Technical Standards dictate the specifics of 
information publishing tools, user interfaces and 
transport. 

• Standards are essential to ensure compatibility 
across the entire network of world. 


Benefits of e-commerce to 
organizations 

• International marketplace 

• With e-commerce enabled, businesses now have access to 
people all around the world. 

• Operational cost savings 

• The cost of creating, processing, distributing, storing and 
retrieving paper-based information has decreased. 

• Mass customization 

• www.ford.com 

• No more 24-hour-time constraints. 

• Businesses can be contacted by or contact customers or 
suppliers at any time. 


Benefits of e-commerce to 
organizations (Cont...) 

• Enables reduced inventories and overheads by 
facilitating SCM 

• collecting the customer order and then delivering through 
manufacturing. 

• Eg: Dell (like color and features) 

• Lower telecommunications cost 

• It is also cheaper to send a fax or e-mail via the Internet 
than direct dialing. 

• Digitization of products and processes. 

• In the case of software and music/video products, which 
can be downloaded or e-mailed directly to customers via 
the Internet in digital or electronic format. 


Benefits of e-commerce to 
consumers 


• 24/7 access. 

• For example, checking balances, making payments, 
obtaining travel and other information. 

• More choices. 

• Customers not only have a whole range of products that 
they can choose from and customize, but also an 
international selection of suppliers. 

• Price comparisons. 

• Improved delivery processes. 

• immediate delivery of digitized or electronic goods 

• An environment of competition 


Benefits of e-commerce to 
society 

• Enables more flexible working practices, 

• work from home. 

• reduces environmental pollution 

• Connects people. 

• Enables people in developing countries and rural areas to 
enjoy and access products, services, information and other 
people which otherwise would not be so easily available to 
them. 

• Facilitates delivery of public services. 

• For example, health services available over the Internet, 
filing taxes over the Internet through the Inland Revenue 
website. 


Limitations of e-commerce to 
organizations 

• Lack of sufficient system security, reliability, 
standards and communication protocols. 

• There are numerous reports of websites and databases 
being hacked 

• For example, Microsoft issued security notices and 
‘patches’. 

• Rapidly evolving and changing technology 

• always ‘catch up’ and not be left behind. 

• Under pressure to innovate 

• develop business models to exploit the new opportunities 

• models can be copied and emulated over the Internet 


Limitations of e-commerce to 
organizations (Cont...) 

• Facing increased competition 

• national and international competitors often leads to 
price wars 

• Problems with compatibility of older and ‘newer’ 
technology. 

• organizations running two independent systems where 
data cannot be shared. 

• having to invest in new systems or an infrastructure, 
which bridges the different systems. 


Limitations of e-commerce to 
consumers 

• Computing equipment 

• needed for individuals to participate in the new ‘digital’ economy 

• A basic technical knowledge 

• navigation of the Internet and the World Wide Web. 

• Cost of access to the Internet 

• Cost of computing equipment. 

• technology updated regularly for compatibility with Internet, websites 
and applications. 

• Lack of security and privacy of personal data. 

• Data protection laws are not universal 

• Physical contact 

• Customers are unable to touch and feel goods 

• A lack of trust 

• they are interacting with faceless computers. 


Limitations of e-commerce to 
society 


Breakdown in human interaction 

• people become more used to interacting electronically 

Social division 

• people who do not have technical skills become unable to secure 
better-paid jobs 

Reliance on telecommunications infrastructure, power and IT 
skills 

• power, advanced telecommunications infrastructures and IT skills 
are unavailable or underdeveloped in developing countries 

Wasted resources 

• dispose of all the old computers 

Facilitates Just-In-Time manufacturing 

• delivery patterns are based on preset levels of stock which last for 
days rather than weeks . 

Difficulty in policing the Internet 



Types of E-commerce 


• B2B (Business-to-Business) 

• B2C (Business-to-Consumer) 

• C2B (Consumer-to-Business) 

• C2C (Consumer-to-Consumer) 


BUSINESS TO BUSINESS 
(B2B) 


• B2B can be open to all 
interested parties or 
limited to specific, 
pre-qualified participants 
(private electronic 
market). 

• Companies doing 
business with each other, 
such as manufacturers 
selling to distributors 
and wholesalers selling 
to retailers. 




BUSINESS TO CONSUMER 
(B2C) 

• Businesses selling to the general public typically 
through catalogs utilizing shopping cart software. 

• B2C is the indirect trade between the company 
and consumers. 

• It provides direct selling through online. 

• If you want to sell goods and services to customers 
so that anybody can purchase any products 
directly from the supplier’s website. 


CONSUMER TO BUSINESS (C2B) 


• A consumer posts his project with a set budget 
online and within hours companies review the 
consumer's requirements and bid on the project. 

• The consumer reviews the bids and selects the 
company that will complete the project. 

• C2B empowers consumers around the world by 
providing the meeting ground and platform for 
such transactions. 


CONSUMER TO CONSUMER 

(C2C) 

• It facilitates the online transaction of goods or 
services between two people. 

• Though there is no visible intermediary involved, 
the parties cannot carry out the transactions 
without the platform which is provided by the 
online market maker such as eBay. 


Introduction to 
E-Commerce 


UNIT 2 



Introduction to Information 
Superhighway (I-Way) 

• Information superhighway is also known as 
interactive or multimedia superhighway 

• I-way describes a high-capacity (broadband), 
interactive (two-way) electronic pipeline 

• Information superhighway is the global information 

• Communications network that includes the Internet 
and other networks 

• switching systems such as telephone networks, cable 
television networks, and satellite communication 
networks used for e-commerce and many more other 
purposes. 


Broadband Technology 


• Broadband is defined as a high bandwidth 
connection to the Internet 

• It involves large volumes of information being 
carried at high speeds to your PC. 

• This allows websites, text, graphics, music and 
videos to be experienced in real time. 


Broadband features 


• The connection to the Internet is always on, 
allowing for constant Internet access and no need 
to dial up. 

• The phone line is unaffected 

• Websites, music and videos can be downloaded 
at a fast rate. 

• You can receive uninterrupted real time services 


Types of Broadband 
Connections: 

• 1) Digital Subscriber Line (DSL) 

• 2) Cable Modem 

• 3) Fiber 

• 4) Wireless 

• 5) Satellite 

• 6) Broadband over Powerlines (BPL) 


1. Digital Subscriber Line (DSL) 


• DSL is a wireline transmission technology that 
transmits data faster over traditional copper 
telephone lines already installed to homes and 
businesses. 

• DSL based broadband provides transmission 
speeds ranging from Kbps to Mbps 


Types of DSL transmission 
technologies 

• Asymmetrical Digital Subscriber Line (ADSL) 

• customers who receive a lot of data but do not send much 

• faster speed in the downstream than the upstream 

• Symmetrical Digital Subscriber Line (SDSL) 

• businesses for services which need significant bandwidth 
both upstream and downstream. 

• High data rate Digital Subscriber Line (HDSL) 

• Data rate of almost 2Mbps can be achieved without 
repeaters up to distance 3.6km 

• Very High data rate Digital Subscriber Line (VDSL) 

• Short distance up to 300 to 1800m 

• Data rate of 50 to 55 Mbps downstream and 1.5 to 2.5 
Mbps upstream 


2. Cable Modem 


• Cable modem service enables cable operators to 
provide broadband using the same coaxial cables 

• Most cable modems are external devices that have 
two connections: 

• one to the cable wall outlet 

• other to a computer. 

• They provide transmission speeds of 1.5 Mbps or 
more. 

• You can still watch cable TV while using internet. 

• Transmission speeds vary depending on the type of 
cable modem, cable network, and traffic load. 

• Speeds are comparable to DSL. 


3. Fiber 


• Fiber optic technology converts electrical signals carrying 
data to light and sends the light through transparent glass 
fibers about the diameter of a human hair. 

• Fiber transmits data at speeds far exceeding current DSL 
or cable modem speeds, typically by tens or even 
hundreds of Mbps. 

• The actual speed depends on a variety of factors 

• how close to your computer the service provider brings the fiber 

• how the service provider configures the service, including the 
amount of bandwidth used 

• The same fiber providing your broadband can also 
simultaneously deliver voice (VoIP) and video services, 
including video-on-demand. 


4. Wireless 


• Wireless broadband connects a home or business 
to the Internet using a radio link 

• Wireless broadband can be mobile or fixed. 

• Wireless technologies using longer-range 

• Speeds are generally comparable to DSL and 
cable modem. 

• An external antenna is usually required. 


5. Satellite 


• Just as satellites orbiting the earth provide necessary 
links for telephone and television service, they can 
also provide links for broadband 

• Downstream and upstream speeds depend on: 

• including the provider and service package purchased, 

• the consumer’s line of sight to the orbiting satellite, 

• and the weather. 

• (download) at a speed of about 500 Kbps and send 
(upload) at a speed of about 80 Kbps. 

• Service can be disrupted in extreme weather 
conditions 


B) Wi-Fi (wireless fidelity) 


• Wi-Fi is the name of a popular wireless networking 
technology that uses radio waves to provide wireless 
high-speed Internet and network connections 

• Wi-Fi or WiFi is a technology that allows electronic 
devices to connect to a wireless LAN (WLAN) network, 
mainly using the 2.4 gigahertz (12 cm) UHF and 5 
gigahertz (6 cm) SHF ISM radio bands. 

• A WLAN is usually password protected, but may be 
open, which allows any device within its range to 
access the resources of the WLAN network. 


C) Wireless Wide Area Network 
(WWAN) 

• A wireless wide area network (WWAN) is a specific 
type of network that sends wireless signals 
beyond a single building or property. 

• wireless WAN may use various types of cellular 
network systems to send signals over a longer 
distance. 

• Large telecom providers larger types of networks 
often require some types of encryption or security 
that a local area network may not need. 


WWAN (cont...) 


• A WWAN often differs from wireless local area 
network (WLAN) by using mobile 
telecommunication cellular network technologies 
such as LTE, WiMAX (often called a wireless 
metropolitan area network or WMAN), UMTS, 
CDMA2000, GSM, cellular digital packet 
data (CDPD) and Mobitex to transfer data. 

• It can also use Wi-Fi to provide Internet access. 


D) UMTS 


• UMTS - Universal Mobile Telephone System 

• Most popular 3G wireless standard. 

• Combines the infrastructure of the Global System for 
Mobiles (GSM) network with superior technology of the 
Code division multiple access (CDMA) air interface. 

• GSM carriers put customer information on a 
removable SIM card. CDMA carriers use network- 
based white lists to verify their subscribers 

• UMTS was originally a European standard. 

• Widely adopted in Japan 

• Approx. complete deployment by the end of 2006. 


3G 


• Third Generation of mobile phones 

• Standard that supports data transfer greater than 2 
Mbps. IEEE 802.11 is not a 3G standard 

• Wide area cellular networks that support 
data-intensive applications. 

• Not just an improvement of 2G networks but it 
requires new equipment and new frequency 
bandwidths. 


UMTS Problems 


• Web wasn’t designed for a 2 inch by 3 inch 
screen. 

• Inputting information is much more difficult. Voice 
recognition would help. 

• Overweight handsets with poor battery life. 

• Poor coverage in the US. 

• To support full motion video on demand, base 
stations will need to be set up every 1 km, which isn’t 
feasible in rural areas. 


E) What is 4G? 


• Fourth Generation Technology 

• Faster and more reliable 

• 100 Mb/s 

• Lower cost than previous generations 

• Multi-standard wireless system 

• Ad Hoc Networking 

• IPv6 Core 

• OFDM (Orthogonal frequency-division multiplexing) 
used instead of CDMA 

• Potentially IEEE standard 802.11n 

• Most information is proprietary 


Communications Architecture 


• Broadcast layer: 

• fixed access points (i.e., cell towers) connected by fiber, 
microwave, or satellite (ISP) 

• Ad-hoc/hot-spot layer: 

• wireless LANs (i.e. internet at Starbuck’s) 

• Personal Layer Gateway: 

• devices that connect to upper layers; cell phone, fax, voice, 
data modem, MP3 players, PDAs 

• Info-Sensor layer: 

• environmental sensors 

• Fiber-optic wire layer: 

• high speed subterranean labyrinth of fiber optic cables and 
repeaters 


Enhance Mobile Gaming 

Experience enhance wireless 
capabilities that deliver mobile gaming 
interaction with less than five seconds 

Play online multi player games while 
traveling at high speeds or sitting 
outside 


Broadband access in Remote 
location 

• 4G will provide a wireless 
alternative for broadband access 

• It will provide first opportunity for 
broadband access in remote 
locations without an infrastructure 
to support cable or DSL access. 


F) Bluetooth 


• Bluetooth is a wireless technology for exchanging 
data over short distances. 

• The chip can be plugged into items such as 
computers, digital cameras, mobile phones and 
faxes. 

• Using a special radio frequency to transmit data, 
it creates a short range network. 

• It is very secure and can connect up to eight 
devices at the same time. 


Security in Bluetooth 


• When any device tries to connect to yours, you - 
as the user - have to allow it before it can 
connect. 

• In almost all cases, users can establish ‘trusted 
devices’ which can exchange data without asking 
permission. 

• You can increase security further by switching on 
the ‘non-discoverable’ mode and avoiding 
connection with other Bluetooth devices. 


Why do we need agents? 


► Increasingly networked, temporary 
connectivity increasing (wireless). 

► Data overload (e-mail, web pages, fax, ...) 

► Greater exchange of digital information 

► Increasingly dependent upon electronic 
sources of information 

► Desire to be ‘better informed’. 


What is a software agent? 


► Something that acts on behalf of another 

► Is sociable, capable of meaningful 
interaction with other agents (and 
humans) 

► Can make decisions on our behalf 

► Is capable of adapting to changing 
environments and learning from user 
interaction 

► Is mobile 


A Basic Definition 


► ‘‘Intelligent software agents are defined 
as being a software program that can 
perform specific tasks for a user and 
possessing a degree of intelligence that 
permits it to performs parts of its tasks 
autonomously and to interact with its 
environment in a useful manner.” 

► From Intelligent Software Agents Brenner, 
Zarnekow and Wittig. 


Potential agent rewards: 

In the Internet 

► efficiency: agent is given goal 
and returns the result; 

► effectiveness: agent can 
terminate search when 
acceptable solution found. Has a 
higher degree of multi-threading; 

► transparency and optimization: 

correlation between multiple 
data sources possible => higher 
quality results. 


a) Static Agent 


► It simply sits on the computer and actively monitors 
the environment 

► Static agents do not roam around but use 
embedded knowledge to assist in filtering and 
processing of incoming transactions 

► Eg: A mail agent executes in the background and is 
activated only when there is an incoming mail 
message; then, after processing the mail, the 
agent goes to a sleeping state until another event 
requests processing 


Dynamic Agent (Mobile 
Agent) 

► Dynamic agent can execute command 
independently while living on a remote server, 
only reporting back to its home base when the 
given task is accomplished 

► Eg: dynamic agent can search for the cheapest 
price ticket available for required route on 
required date, find the amount available on 
user's bank account, communicate with other 
agents of different sellers then purchase ticket for 
its owner by choosing the best deal then lastly 
notifies the owner 











WHAT IS A NETWORK? 


■ A network has been defined as "any set of 
interlinking lines resembling a net, a network of 
roads, an interconnected system, a network of 
alliances." 

■ A computer network is simply a system of 
interconnected computers. 

■ What is the Internet? 

■ The Internet is the world's largest network of networks. 

■ Internet is a network of networks — not a network of hosts. 




NETWORK SECURITY INTRODUCTION 

■ Network Security 

■ process of taking physical and software 
preventative measures 

■ protect the underlying networking infrastructure 

■ from unauthorized access, misuse, malfunction, 
modification, destruction, or improper disclosure, 

■ by creating a secure platform for computers, 
users and programs to perform their permitted 
critical functions within a secure environment. 






■ Network security consists of 
the policies adopted to prevent and 
monitor unauthorized access, misuse, 
modification, or denial of a computer 
network and network-accessible 
resources. 


■ Network security involves the 
authorization of access to data in a 
network, which is controlled by the 
network administrator 




FACTOR AUTHENTICATION 


■ Network security starts with authenticating, 
commonly with a username and a password. 

■ With one detail authenticating the user name (i.e., the 
password), this is sometimes termed one-factor 
authentication. 

■ With two-factor authentication, something the user 'has' 
is also used (e.g., a security token or 'dongle', 
an ATM card, or a mobile phone); 

■ With three-factor authentication, something the user 'is' 
is also used (e.g., a fingerprint or retinal scan). 





DIMENSIONS OF NETWORK SECURITY 


■ Access 

■ authorized users are provided the means to communicate to 
and from a particular network 

■ Confidentiality 

■ Information in the network remains private 

■ Authentication 

■ Ensure the users of the network are who they say they are 

■ Integrity 

■ Ensure the message has not been modified in transit 






■ Availability 

■ Information should be available wherever and whenever 
required, within the time limit specified. 

■ Encryption 

■ Information should be encrypted and decrypted only by 
authorized user. 

■ Auditability 

■ Data should be recorded in such a way that it can be 
audited for integrity requirements. 

■ Non-repudiation 

■ Ensure the user does not deny that he used the network 






TABLE 5.1 

CUSTOMER AND MERCHANT PERSPECTIVES ON THE 
DIFFERENT DIMENSIONS OF E-COMMERCE SECURITY 


■ Integrity 

■ Customer's perspective: Has information I transmit or receive 
been altered? 

■ Merchant's perspective: Has data on the site been altered 
without authorization? Is data being received from customers valid? 

■ Nonrepudiation 

■ Customer's perspective: Can a party to an action with me 
later deny taking the action? 

■ Merchant's perspective: Can a customer deny ordering 
products? 

■ Authenticity 

■ Customer's perspective: Who am I dealing with? How can I 
be assured that the person or entity is who they claim to be? 

■ Merchant's perspective: What is the real identity of the 
customer? 

■ Confidentiality 

■ Customer's perspective: Can someone other than the 
intended recipient read my messages? 

■ Merchant's perspective: Are messages or confidential data 
accessible to anyone other than those authorized to view them? 

■ Privacy 

■ Customer's perspective: Can I control the use of information 
about myself transmitted to an e-commerce merchant? 

■ Merchant's perspective: What use, if any, can be made of 
personal data collected as part of an e-commerce transaction? Is the 
personal information of customers being used in an unauthorized 
manner? 

■ Availability 

■ Customer's perspective: Can I get access to the site? 

■ Merchant's perspective: Is the site operational? 











E-COMMERCE THREATS 


■ Intellectual property threats 

■ Client computer threats 

■ Communication channel threats 

■ Server threats 




INTELLECTUAL PROPERTY THREATS 


■ use existing materials found on the Internet 
without the owner's permission 

■ Example: 

■ music downloading 

■ domain name (cybersquatting) 

■ cybersquatting is registering, trafficking in, or using a domain 
name with bad-faith intent to profit from the goodwill of a 
trademark belonging to someone else 

■ software pirating 




CLIENT COMPUTER THREATS 


■ Trojan horse 

■ Trojans appear to be benign programs to the user, but will 
actually have some malicious purpose. 

■ Trojans usually carry some payload such as a virus 

■ Viruses 

■ Viruses are self-replicating programs that use files to infect 
and propagate. 

■ Once a file is opened, the virus will activate within the 
system. 




■ Active contents 

■ Active content may require browser plug-ins for execution. 

■ For example, the RealPlayer plug-in allows Web browser 
users to watch videos online. 

■ Active content is mainly used by websites to build 
animations as well as other interactive features. 

■ Sadly, it may also be exploited to deliver and execute 
malicious code on users' computers. 

■ Active content may automatically be downloaded into users' 
computers without their knowledge or consent. Also, it can 
be sent via instant messages and email. 

■ Phishing 

■ Malware 

■ Spyware 

■ Hacking 

■ Adware 






■ Java applets, ActiveX Controls, JavaScript, and 
VBScript, which are programs that interpret or 
execute instructions embedded in downloaded 
objects from a Web/commerce server 

■ Malicious active content can be embedded into 
seemingly innocuous Web pages 

■ Cookies remember user names, passwords, and 
other commonly referenced information 






COMMUNICATION CHANNEL THREATS 


■ Secrecy Threats: 

■ Secrecy is the prevention of unauthorized 
information disclosure. It requires sophisticated 
physical and logical mechanisms to implement 

■ Theft of sensitive or personal information (e-mail 
address, credit card number) is a significant 
danger in e-commerce 

■ Sniffer programs can tap into a router of the 
Internet and record information while it passes 
from a client computer to a Web server. 




■ Integrity Threats: 

■ Also known as active wiretapping 

■ An unauthorized party can alter data, such as changing the 
amount of a deposit or withdrawal in a bank transaction over 
the Internet 

■ A hacker can create a mechanism such that all transactions 
from a Web site redirect to a fake location. 

■ Necessity Threats: 

■ Also known as delay or denial threats 

■ Disrupt normal computer processing 

■ Deny processing entirely 

■ Slow processing to intolerably slow speeds, so that customers 
give up and no longer visit the site. 

■ Remove a file entirely, or delete information from a transmission or 
file 

■ Divert money from one bank account to another 






■ Backdoor 

■ A backdoor is a method, often secret, of bypassing 
normal authentication in a product, computer system, 
cryptosystem or algorithm etc. 

■ Spoofing 

■ A spoofing attack is a situation in which one person or 
program successfully masquerades as another by falsifying 
data, thereby gaining an illegitimate advantage. 

■ DoS and DDoS Attacks 

■Denial of service (DoS) attack: Hackers flood a Web site with 
useless traffic to inundate and overwhelm the network 

■Distributed denial of service (DDoS) attack: hackers use 
numerous computers to attack the target network from 
numerous launch points 


■Viruses: 

■ self-replicating computer programs designed to perform 
unwanted events. 

■ Worms: 

■ special viruses that spread using direct Internet 
connections. 

■ Trojan Horses: 

■ disguised as legitimate software and trick users into 
running the program 

SECURITY (UNAUTHORIZED ACCESS) 


■ Passive unauthorized access 

■ Listening to a communications channel to find secrets. 

■ May use content for damaging purposes 

■ Active unauthorized access 

■ Modifying system or data 

■ Message stream modification 

■ Changes intent of messages, e.g., to abort or delay a 
negotiation on a contract 

■ Masquerading or spoofing: sending a message that 
appears to be from someone else. 




SERVER THREATS 


■ The more complex Web server software 
becomes, the higher the probability that errors 
(bugs) exist in the code: security holes through 
which hackers can gain access. 


■ Web servers run at various privilege levels: 

■Highest levels provide greatest access and 
flexibility to a Web user (from a browser) 

■Lowest levels provide a logical fence around a 
running program 



■ Secrecy violations occur when the contents of a 
server’s folder names are revealed to a Web 
browser 

■ Web site administrators can turn off the “Allow 
Directory Browsing” feature to avoid secrecy 
violations 

■ Cookies requested by a Web server, containing a 
user’s user ID and password on a client computer, 
should never be transmitted unprotected 

■ Database Threats 

■ A company's database systems store data on users, products, 
and orders for e-commerce 

■ In addition, a company’s valuable and private information 
could be stored in a company database 

■ Security in a database is often enforced by defining 
user “privileges”, which must be enforced 

■ Some databases are inherently insecure and rely on the 
Web server to enforce security measures 






■Common Gateway Interface (CGI) 
Threats 

■CGIs are programs that present a security 
threat if misused 

■CGI programs can reside almost anywhere 
on a Web server and therefore are often 
difficult to track down 

■CGI scripts do not run inside a sandbox, 
unlike JavaScript 
VULNERABLE POINTS IN AN E-COMMERCE ENVIRONMENT 

[Figure: security risks at each point in an e-commerce environment] 

■ Internet communications: tapping and sniffing, alteration of messages, theft and fraud 

■ Servers (ISP, merchant, banks): DoS attack, hacking, malicious code attack, theft and fraud, line taps, vandalism 

■ Clients (business, home): malicious code attack, line taps, physical loss 



MALICIOUS CODE 


■ Viruses: computer programs that have the ability to 
replicate and spread to other files; most also 
deliver a “payload” of some sort (may be 
destructive or benign); include macro viruses, 
file-infecting viruses, and script viruses 

■ Worms: designed to spread from computer to 
computer 


■ Trojan horse: appears to be benign, but then does 
something other than expected 


■ Bots: can be covertly installed on computer; 
responds to external commands sent by the 
attacker 





PHISHING 


■Any deceptive, online attempt by a third 
party to obtain confidential information for 
financial gain 

■Most popular type: e-mail scam letter 

■One of fastest growing forms of e-commerce 
crime 




HACKING AND CYBERVANDALISM 


■ Hacker: Individual who intends to gain 
unauthorized access to computer systems 

■ Cracker: Used to denote hacker with criminal 
intent (two terms often used interchangeably) 

■ Cybervandalism: Intentionally disrupting, defacing 
or destroying a Web site 

■ Types of hackers include: 

■White hats 

■ Black hats 

■ Grey hats 




CREDIT CARD FRAUD 


■ Fear that credit card information will be stolen 
deters online purchases 

■ Hackers target credit card files and other customer 
information files on merchant servers; use stolen 
data to establish credit under false identity 

■ One solution: New identity verification mechanisms 




INSIGHT ON SOCIETY: “EVIL TWINS” AND 
“PHARMING”: KEEPING UP WITH THE HACKERS? 

and “pharming” 

■ What is meant by “social engineering techniques”? 

■ What is the security weakness in the domain name 
system that permits pharming? 

■ What steps can users take to verify they are 
communicating with authentic sites and networks? 





OTHER SECURITY THREATS 


■ Sniffing: Type of eavesdropping program that 
monitors information traveling over a network; 
enables hackers to steal proprietary information 
from anywhere on a network 

■ Insider jobs: Single largest financial threat 

■ Poorly designed server and client software: 
Increase in complexity of software programs has 
contributed to an increase in vulnerabilities that 
hackers can exploit 










WHAT IS A FIREWALL? 


■ A choke point of control and monitoring 

■ Interconnects networks with differing trust 

■ Imposes restrictions on network services 

■ only authorized traffic is allowed 

■ Auditing and controlling access 

■ can implement alarms for abnormal behavior 

■ Itself immune to penetration 

■ Provides perimeter defence 




INTRUSION PREVENTION 


■ Middle ground between protected and public nets 

■ Damage detection and limitation 

■ Uses 

■ Block access 

■ Selected prevention 

■ Monitor 

■ Record 

■ Encryption 





CLASSIFICATION OF FIREWALL 


■Characterized by the protocol level it controls: 

■ Packet filtering 

■ Circuit gateways 

■ Application gateways 

■Combination of above is dynamic packet 
filter 




FIREWALLS - PACKET FILTERS 


[Figure (a): Packet-filtering router at the security perimeter] 


FIREWALLS - PACKET FILTERS 


■ Sometimes called a screening router 

■ It receives packets and evaluates them according 
to a set of rules that are usually in the form of 
access control lists 


■ These packets may be forwarded to their 
destinations, dropped, or dropped with a return 
message to the originator describing what 
happened. 


■ The criteria most frequently applied are: 

■ IP source address, destination address 

■ all packets from source address 128.44.9.0 through 128.44.9.255 
might be accepted, but all other packets might be rejected 

■ Source and destination port 

■ all TCP packets originating from or destined to port 25 (the 
simple mail transfer protocol, or SMTP, port) might be accepted, 
but all TCP packets destined for port 79 (the finger port) might 
be dropped 

■ Direction of traffic 

■ inbound or outbound 

■ Type of protocol 

■ IP, TCP, user datagram protocol, or internetwork packet 
exchange 

■ The packet's state 

■ SYN, meaning synchronize, or ACK, which is the 
acknowledgement that a connection between hosts has already 
been established 
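
The rule evaluation described above, as an added example that is not part of the original slides: a first-match access control list built from the slide's own address range and port numbers. The destination address 192.0.2.10, the outside address 203.0.113.9, the rule order, the inbound "established" rule and the default action are assumptions chosen for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str                      # "tcp" or "udp"
    sport: int
    dport: int
    direction: str                  # "in" or "out"
    flags: frozenset = frozenset()  # TCP flags, e.g. {"SYN"} or {"ACK"}


@dataclass(frozen=True)
class Rule:
    action: str                         # "accept", "drop" or "reject"
    src: Optional[str] = None           # source network in CIDR form
    proto: Optional[str] = None
    port: Optional[int] = None          # matches source OR destination port
    dport: Optional[int] = None         # matches destination port only
    direction: Optional[str] = None
    established: Optional[bool] = None  # True: ACK set, so not a new connection

    def matches(self, p: Packet) -> bool:
        # A field left as None is a wildcard; every field that is set must match.
        if self.src is not None and \
                ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.port is not None and self.port not in (p.sport, p.dport):
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if self.direction is not None and p.direction != self.direction:
            return False
        if self.established is not None and ("ACK" in p.flags) != self.established:
            return False
        return True


# Access control list using the slide's examples. Order matters: the finger
# rule comes first so that it also applies to the trusted 128.44.9.x range.
ACL = [
    Rule("drop", proto="tcp", dport=79),                 # finger port
    Rule("accept", proto="tcp", port=25),                # SMTP, either end
    Rule("accept", src="128.44.9.0/24"),                 # 128.44.9.0 - 128.44.9.255
    Rule("accept", proto="tcp", direction="in", established=True),
]
DEFAULT_ACTION = "reject"   # assumption: unmatched packets are refused with a notice


def evaluate(packet: Packet, acl=ACL):
    """Return (action, index of the matching rule or None); first match wins."""
    for index, rule in enumerate(acl):
        if rule.matches(packet):
            return rule.action, index
    return DEFAULT_ACTION, None


def pkt(src, sport, dport, flags, direction="in"):
    """Build a constructed TCP packet addressed to the protected host."""
    return Packet(src, "192.0.2.10", "tcp", sport, dport, direction, frozenset(flags))


if __name__ == "__main__":
    samples = [
        pkt("128.44.9.17", 40000, 80, {"SYN"}),   # trusted range
        pkt("128.44.9.17", 40000, 79, {"SYN"}),   # trusted range, but finger
        pkt("203.0.113.9", 40000, 25, {"SYN"}),   # SMTP from outside
        pkt("203.0.113.9", 40000, 22, {"SYN"}),   # new connection, no rule
        pkt("203.0.113.9", 443, 51000, {"ACK"}),  # part of an existing connection
    ]
    for sample in samples:
        print(sample.src, sample.dport, evaluate(sample))
```

The last rule trusts the ACK flag alone, which a stateless filter cannot check against a real connection; the dynamic packet filter named in the classification slide tracks connections instead.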





FIREWALL GATEWAYS 


■ Firewall runs set of proxy programs 

■ Proxies filter incoming, outgoing packets 

■ All incoming traffic directed to firewall 

■All outgoing traffic appears to come from firewall 

■ Policy embedded in proxy programs 

■ Two kinds of proxies 

■ Application-level gateways/proxies 

■ Tailored to http, ftp, smtp, etc. 

■ Circuit-level gateways/proxies 

■ Working on TCP level 




FIREWALLS - APPLICATION LEVEL GATEWAY (OR 
PROXY) 


[Figure (b): Application-level gateway] 



















APPLICATION-LEVEL FILTERING 


■ Has full access to protocol 

■ user requests service from proxy 

■ proxy validates request as legal 

■ then actions request and returns result to user 

■ Need separate proxies for each service 

■E.g., SMTP (E-Mail) 

■ NNTP (Net news) 

■ DNS (Domain Name System) 

■ NTP (Network Time Protocol) 

■ custom services generally not supported 




APP-LEVEL FIREWALL ARCHITECTURE 



Daemon spawns proxy when communication detected 



















FIREWALLS - CIRCUIT LEVEL GATEWAY 

[Figure (c): Circuit-level gateway] 
















FIREWALLS - CIRCUIT LEVEL GATEWAY 


■ Applies security mechanisms when 
a TCP or UDP connection is established. Once the 
connection has been made, packets can flow 
between the hosts without further checking. 

■ The circuit-gateway firewall has been designed to 
remedy this limitation by producing a more 
seamless, transparent connection between clients 
and destinations using routines in special libraries. 

■ The connection is often described as a virtual 
circuit, because the proxy creates an end-to-end 
connection between the client and the destination 
application. 

■ Most circuit-gateway firewalls are implemented 
using SOCKS, a tool that includes a set of client 
libraries for proxy interfaces with clients. 

■ SOCKS receives an incoming connection from 
clients, and if the connections are allowed, it 
provides the data necessary for each client to 
connect to the application. 

■ Each client then invokes a set of commands to the 
gateway. 

■ The circuit-gateway firewall imposes all predefined 
restrictions, such as the particular commands that 
can be executed, and establishes a connection to 
the destination on the client's behalf. 


■ To users, this process appears transparent. 
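
The command and destination restrictions described above, as an added example that is not part of the original slides: a gateway-side check of a client request. It assumes SOCKS version 5 (RFC 1928, a version the slides do not name) and that method negotiation has already completed; the policy contents and the constructed requests are illustrative.

```python
import ipaddress
import struct

VERSION = 5
CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE = 1, 2, 3
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 1, 3, 4
REP_SUCCEEDED, REP_FAILURE, REP_NOT_ALLOWED = 0, 1, 2
REP_CMD_UNSUPPORTED, REP_ATYP_UNSUPPORTED = 7, 8


class RequestError(Exception):
    """Malformed request; carries the reply code to send back."""
    def __init__(self, rep):
        super().__init__(rep)
        self.rep = rep


def parse_request(data: bytes):
    """Parse VER CMD RSV ATYP DST.ADDR DST.PORT and return (cmd, host, port)."""
    if len(data) < 4 or data[0] != VERSION or data[2] != 0:
        raise RequestError(REP_FAILURE)
    cmd, atyp = data[1], data[3]
    if atyp == ATYP_IPV4:
        addr_len, start = 4, 4
    elif atyp == ATYP_IPV6:
        addr_len, start = 16, 4
    elif atyp == ATYP_DOMAIN:
        if len(data) < 5:
            raise RequestError(REP_FAILURE)
        addr_len, start = data[4], 5          # one length byte, then the name
    else:
        raise RequestError(REP_ATYP_UNSUPPORTED)
    end = start + addr_len
    if addr_len == 0 or len(data) != end + 2:  # truncated or trailing bytes
        raise RequestError(REP_FAILURE)
    raw = data[start:end]
    if atyp == ATYP_DOMAIN:
        try:
            host = raw.decode("ascii").lower()
        except UnicodeDecodeError:
            raise RequestError(REP_FAILURE)
    else:
        host = str(ipaddress.ip_address(raw))
    (port,) = struct.unpack("!H", data[end:end + 2])
    return cmd, host, port


# Constructed policy: which commands and which destinations the gateway allows.
POLICY = {
    "commands": {CMD_CONNECT},
    "destinations": {("mail.example.com", 25), ("198.51.100.7", 443)},
}


def decide(data: bytes, policy=POLICY):
    """Return (reply code, destination to connect to or None)."""
    try:
        cmd, host, port = parse_request(data)
    except RequestError as exc:
        return exc.rep, None
    if cmd not in (CMD_CONNECT, CMD_BIND, CMD_UDP_ASSOCIATE):
        return REP_CMD_UNSUPPORTED, None
    if cmd not in policy["commands"] or (host, port) not in policy["destinations"]:
        return REP_NOT_ALLOWED, None
    # The gateway would now open the connection on the client's behalf and
    # send the success reply only once that connection is established.
    return REP_SUCCEEDED, (host, port)


def reply(rep: int) -> bytes:
    """VER REP RSV ATYP BND.ADDR BND.PORT with a zeroed IPv4 bind address."""
    return struct.pack("!BBBB4sH", VERSION, rep, 0, ATYP_IPV4, b"\x00" * 4, 0)


def build_request(cmd: int, host: str, port: int) -> bytes:
    """Build a constructed client request for the examples."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (ATYP_IPV4 if ip.version == 4 else ATYP_IPV6), ip.packed
    except ValueError:
        name = host.encode("ascii")
        atyp, addr = ATYP_DOMAIN, bytes([len(name)]) + name
    return bytes([VERSION, cmd, 0, atyp]) + addr + struct.pack("!H", port)


if __name__ == "__main__":
    for cmd, host, port in [(CMD_CONNECT, "mail.example.com", 25),
                            (CMD_BIND, "mail.example.com", 25),
                            (CMD_CONNECT, "mail.example.com", 79)]:
        print(cmd, host, port, decide(build_request(cmd, host, port)))
```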





WHAT IS AN ANTI-VIRUS? 


■ Antivirus software is a class of program that 
searches a hard drive and floppy disk for any 
known or potential viruses. 

■ An antivirus program runs in the random 
access memory (RAM) of a computer. 


■ Anti-virus software typically uses two different 
techniques to accomplish this: 

■ Examining files to look for known viruses by means of a virus 
dictionary. 


■ Identifying suspicious behavior from any computer program 
which might indicate infection. 



■ Most commercial anti-virus software uses both of these 
approaches, with an emphasis on the virus dictionary 
approach. 






ANTI-VIRUS? 


■ Anti-virus is software (a computer program) that 
scans files or your computer's memory for certain 
patterns that may indicate an infection. The 
patterns it looks for are based on the signatures, or 
fingerprints, of known viruses. 

■ Once a virus is detected in the wild, the anti-virus 
companies release these new patterns for 
your anti-virus software to use. 

■ Some vendors release these updates daily. 

■ Virus authors are continually releasing new and 
updated viruses, so it is important that you have the 
latest definitions installed on your computer. 




WHAT IS AN ANTI-VIRUS? 

■ Once you have installed an anti-virus 
package, you should scan your entire 
computer periodically. Always leave your 
Anti-virus software running so it can provide 
constant protection. 

■ Automatic scans- Depending on what 
software you choose, you may be able to 
configure it to automatically scan specific 
files or directories and prompt you at set 
intervals to perform complete scans. 




WHAT IS AN ANTI-VIRUS? 

■ Manual scans- It is also a good idea to 
manually scan files you receive from an 
outside source before opening them. 

This includes: Saving and scanning email 
attachments or web downloads rather than 
selecting the option to open them directly 
from the source. Scanning floppy disks, CDs, 
or DVDs for viruses before opening any of 
the files 




HOW DOES AN ANTI-VIRUS WORK? 

■Anti-virus applications maintain a database 
of known viruses and compare scanned files 
against the characteristics of known 
viruses. 

■ If a scanned file matches those 
characteristics, it is quarantined (which 
means moved to a new, presumably safe 
location on disk and renamed, so you can 
find it should you ever need it) so that it 
cannot affect other files on your system 




HOW DOES AN ANTI-VIRUS WORK? 

■Signature detection is just one way of 
identifying viruses and is only effective if 
the virus database is up-to-date and 
contains the signature of a virus. 

■Anti-virus programs also attempt to identify 
suspicious behavior, such as an application 
attempting to write to an executable file, 
altering needed system files, making 
suspicious registry entries, or adding to the 
list of items that execute automatically at 
system start-up. 





HOW DOES AN ANTI-VIRUS WORK? 

■ Once the file is quarantined, the application can 
attempt to repair it, delete it, or prompt you for a 
decision on what to do about the infected file. 

■ This approach helps protect against unidentified or 
encrypted viruses and can alert you to suspicious 
behavior happening on your computer. 

■ Interestingly, this is an area where anti-spyware/anti- 
adware and anti-virus software often notice the 
same kinds of activities, because they are typical 
for adware and spyware as well as malware 
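
Signature matching and quarantine as the slides above describe them, in an added example that is not part of the original slides and not any vendor's engine. The signature names and byte patterns are harmless constructed strings, and the quarantine naming scheme is an assumption; the scan reads files in chunks with an overlap so a pattern that straddles a chunk boundary is still found.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed "virus dictionary": signature name -> byte pattern.
SIGNATURES = {
    "Demo.TestPattern.A": b"CONSTRUCTED-DEMO-SIGNATURE-0001",
    "Demo.TestPattern.B": b"CONSTRUCTED-DEMO-SIGNATURE-0002-LONGER",
}


def scan_file(path, signatures=SIGNATURES, chunk_size=64 * 1024):
    """Return the sorted names of all signatures whose pattern occurs in the file."""
    overlap = max(len(p) for p in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as handle:
        while True:
            chunk = handle.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk            # previous bytes plus the new chunk
            for name, pattern in signatures.items():
                if pattern in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)


def quarantine(path, quarantine_dir):
    """Move the file to the quarantine directory under a new, read-only name."""
    quarantine_dir = Path(quarantine_dir)
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()[:16]
    target = quarantine_dir / f"{Path(path).name}.{digest}.quarantined"
    shutil.move(str(path), str(target))
    os.chmod(target, 0o400)                  # no write or execute permission
    return target


def scan_tree(root, quarantine_dir, chunk_size=64 * 1024):
    """Scan every file under root; quarantine matches and report them."""
    results = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        names = scan_file(path, chunk_size=chunk_size)
        if names:
            results[str(path)] = (names, quarantine(path, quarantine_dir))
    return results


def demo():
    """Run the scanner over two constructed files in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "inbox")
        root.mkdir()
        qdir = Path(tmp, "quarantine")
        (root / "report.txt").write_bytes(b"quarterly figures\n")
        pattern = SIGNATURES["Demo.TestPattern.A"]
        (root / "invoice.bin").write_bytes(b"A" * 10 + pattern + b"B" * 10)
        # A 16-byte chunk size forces the pattern to span several reads.
        hits = scan_tree(root, qdir, chunk_size=16)
        return {
            "hits": {Path(k).name: v[0] for k, v in hits.items()},
            "remaining": sorted(p.name for p in root.iterdir()),
            "quarantined": sorted(p.name for p in qdir.iterdir()),
        }


if __name__ == "__main__":
    print(demo())
```

A file that carries none of the listed patterns passes this scan untouched, which is why the slides pair the dictionary approach with current definition files and behavior monitoring.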




WHY DIDN'T MY ANTIVIRUS SOFTWARE 
WORK? 

■ It's crucial to keep your antivirus software 
current with the latest updates (usually 
called definition files) that help the tool 
identify and remove the latest threats. 

■ In addition, not all antivirus tools are the 
same; if you find that the one you use isn't 
working to your satisfaction, you should do 
some research and try an alternative. 




DATA AND MESSAGE SECURITY 



■ Would you be willing to type in your credit card 
number knowing the risk? 

■ Even worse, would you expose your customers to 
that risk? 

■ In short, the lack of business transaction security is 
widely acknowledged as a major impediment to w 

■ Transaction security issues can be divided into two 
types: 

■ data security 

■ message security. 






DATA SECURITY 


■ Also, with computer industry trends toward distributed 
computing and mobile computers, users face 
security challenges. 

■ Sniffer attacks begin when a computer is 
compromised and the cracker installs a packet 
sniffing program that monitors the network to which 
the machine is attached. 

■ The sniffer program watches for certain kinds of network 
traffic, typically for the first part of any Telnet, FTP, or login 
sessions 

■ The first part of the session contains the log-in ID, password, 
and user name of the person logging into another machine, 
all the necessary information a sniffer needs to log into 
other machines. 






MESSAGE SECURITY 


■ Threats to message security fall into three 
categories: 

■ confidentiality, 

■ integrity, and 

■ authentication. 




ENCRYPTION TECHNIQUES FOR DATA 
AND MESSAGE SECURITY 

■ Encryption is a generic term that refers to the act of 
encoding data, in this context so that those data can 
be securely transmitted via the Internet. 

■ Encryption can protect the data at the simplest 
level by preventing other people from reading the 
data. 


■ Encryption technologies can help in other ways as 
well: 

■ establishing the identity of users; 

■ controlling the unauthorized transmission or forwarding of data; 

■ verifying the integrity of the data; 

■ ensuring that users take responsibility for data that they 
have transmitted. 




■ Encryption can therefore be used either to keep 
communications secret or to identify people 
involved in communications 

■ Encryption provides the following security: 

■ Message integrity: provides assurance that the message 
has not been altered. 

■ Non-repudiation: prevents users from denying that they 
sent the message 

■ Authentication: provides verification of the identity of the 
person (or machine) sending the message. 

■ Confidentiality: gives assurance that the message was not 
read by others. 

■ There are two types of encryption: 

■ symmetric key encryption and 

■ asymmetric key encryption. 






SYMMETRIC KEY ENCRYPTION (PRIVATE OR 
SECRET KEY ENCRYPTION): 
■ Encryption algorithms that use the same key for 
encrypting and for decrypting information are 
called symmetric-key algorithms. 

■ The symmetric key is also called a secret key 
because it is kept as a shared secret between the 
sender and receiver of information. 


■ Symmetric key encryption is much faster than 
public key encryption, often by 100 to 1,000 times. 
Symmetric key technology is generally used to 
provide secrecy for the bulk encryption and 
decryption of information. 


■ Cryptography-based security technologies use a 
variety of symmetric key encryption algorithms to 
provide confidentiality. 


■ Symmetric algorithms have the advantage of 
not consuming too much computing power. 





■ People can use this encryption method as either a 
"stream" cipher or a "block" cipher, depending on 
the amount of data being encrypted or decrypted 
at a time. 

■ A stream cipher encrypts data one character at a 
time as it is sent or received. 

■ A block cipher processes fixed blocks (chunks) of 
data. 

■ Common symmetric encryption algorithms include 
Data Encryption Standard (DES), Advanced 
Encryption Standard (AES), and International Data 
Encryption Algorithm (IDEA). 




ASYMMETRIC KEY ENCRYPTION (PUBLIC 
KEY ENCRYPTION): 
■ Encryption algorithms that use different keys for 
encrypting and decrypting information are most 
often called public-key algorithms but are 
sometimes also called asymmetric key algorithms. 

■ Public key encryption requires the use of both a 
private key (a key that is known only to its owner) 
and a public key (a key that is available to and 
known to other entities on the network). 


■ A user's public key, for example, can be published 
in the directory so that it is accessible to other 
people in the organization. 


■ Information that is encrypted with the public key 
can be decrypted only with the corresponding 
private key of the set. 




■ Today, public key encryption plays an increasingly 
important role in providing strong, scalable 
security on intranets and the Internet. Public key 
encryption is commonly used to perform the 
following functions: 

■ Encrypt symmetric secret keys to protect the symmetric 
keys during exchange over the network. 

■ Create digital signatures to provide authentication and 
non-repudiation for online entities. 

■ Create digital signatures to provide data integrity for 
electronic files and documents. 




Organizational Behaviour 


Concept of OB 

• Organizations are a combination of humanity and technology. 

• Organizations are social systems. 

• OB is nothing more than developing our understanding and 
development of people skills. 

• OB is multidisciplinary field devoted to understanding 
individual and group behavior, interpersonal processes, and 
organizational dynamics. 

• OB is the study of human behavior in organizations. 

• OB is the study and application of knowledge about how 
people act within the organization. 

• It is a human tool for human benefit. 



OB can be classified into four areas: 

1. People 

2. Structure 

3. Technology 

4. Environment 

When people join the organization to accomplish the 
goals/ objectives, some kind of structure is required. 
They use machinery, gadgets & technology to 
achieve the organizational goals. At the same time 
they are influenced by external environment. 



Definitions of OB 


Organizational Behavior is the study of individuals and their 
behavior within the context of the organization in a workplace 
setting. It is an interdisciplinary field that includes sociology, 
psychology, communication and management. 

The study of organizations and of the collection of people 
within them together comprises the field of organizational 
behavior. Organizational behavior (OB) is the study of human 
behavior in organizational settings, the interface between 
human behavior and the organization, and the organization 
itself. 

Organizational Behavior is a field of study that investigates the 
impact that individuals, groups, and structure have on 
behavior within organizations for the purpose of applying such 
knowledge towards improving an organization's effectiveness. 



OB is directly concerned with the understanding, predicting and 
controlling of human behavior in organizations. - Luthans 

The study and application of knowledge about human behaviour 
related to other elements of an organization such as structure, 
technology and social systems. - LM Prasad 

Organizational behaviour as a systematic study of the actions and 
attitudes that people exhibit within organizations. - Stephen P 
Robins 

O.B as a branch of the social science that seeks to build theories 
that can be applied to predicting, understanding and controlling 
behavior in work organizations. - Roman J. Alday 

"Organizational behaviour is a field of study that investigates the 
impact that individuals, groups and organizational structure have 
on behaviour within the organization, for the purpose of applying 
such knowledge towards improving an organizational 
effectiveness. 



Features of OB 

1) A separate field of study and not a discipline only: It has assumed 
the status of a distinct field of study. It is a part of general 
management. It represents the behavioral approach to management. 

2) An inter-disciplinary approach: OB is heavily influenced by 
several other behavioral sciences and social sciences like 
psychology, sociology and anthropology. OB has psychological 
foundations. Concepts like learning, perception, attitude, 
motivation, etc. are borrowed from psychology, sociology and 
anthropology. 

3) A normative science: Organizational behaviour is a normative 
science. A normative science prescribes how the various findings 
of research can be applied to get organizational results which 
are acceptable to the society. Thus, what is acceptable by the 
society or individuals engaged in an organization is a matter of 
values of the society and people concerned. 



4) A science and art: Organizational behavior is both art and science. It is 
considered as art because it contains knowledge about behavior of 
individuals. It is considered as science because it involves application of 
science. 

5) Humanistic and optimistic approach: Organizational behaviour focuses 
attention on people from a humanistic point of view. It is based on the 
belief that needs and motivation of people are of high concern. Further, 
there is optimism about the innate potential of man to be independent, 
creative, predictive and capable of contributing positively to the objectives 
of the organization. 

6) Oriented towards organizational objectives: Organizational behaviour is 
oriented towards organizational objectives. In fact, organizational 
behaviour tries to integrate both individual and organizational objectives 
so that both are achieved simultaneously. 

7) A total system approach: An individual's behaviour can be analyzed 
keeping in view his psychological framework, interpersonal orientation, 
group influence and social and cultural factors. Thus, an individual's nature is 
quite complex, and organizational behaviour, by applying a systems approach, 
tries to find solutions for this complexity. 



Contributing Fields to Organizational Behaviour 

Psychology: Psychology is an applied science, which attempts to 
explain human behaviour in a particular situation and predicts 
actions of individuals. Psychologists have been able to modify 
individual behaviour largely with the help of various studies. It has 
contributed towards various theories on learning, motivation, 
personality, training and development, theories on individual 
decision making, leadership, job satisfaction, performance 
appraisal, attitude, ego state, job design, work stress and conflict 
management. Studies of these theories can improve personal skills, 
bring change in attitude and develop a positive approach to 
organizational systems. Various psychological tests are conducted 
in the organizations for selection of employees, measuring 
personality attributes and aptitude. Various other dimensions of 
human personality are also measured. These instruments are 
scientific in nature and have been finalized after a great deal of 
research. 



Sociology: Science of Sociology studies the impact of 
culture on group behaviour and has contributed to a 
large extent to the field of group-dynamics, roles that 
individual plays in the organization, communication, 
norms, status, power, conflict management, formal 
organization theory, group processes and group decision- 
making. 

Political science: Political science has contributed to the 
field of organizational behaviour. Stability of government 
at national level is one major factor for promotion of 
international business, financial investments, expansion 
and employment. Various government rules and 
regulations play a very decisive role in growth of the 
organization. All organizations have to stand by the rules 
of the government of the day. 



Social psychology: Working organizations are formal assemblies of people who 
are assigned specific jobs and play a vital role in formulating human 
behaviour. It is a subject where concepts of psychology and sociology are blended 
to achieve better human behaviour in organizations. The field has contributed 
to managing change, group decision-making, communication and the ability of 
people in the organization to maintain social norms. 

Anthropology: It is a field of study relating to human activities in various 
cultural and environmental frameworks. It understands difference in 
behaviour based on value system of different cultures of various countries. 
The study is more relevant to organizational behaviour today due to 
globalization, mergers and acquisitions of various industries. The advent of 
the 21st century has created a situation wherein cross-cultural people will 
have to work in one particular industry. Managers will have to deal with 
individuals and groups belonging to different ethnic cultures and exercise 
adequate control or even channelize behaviour in the desired direction by 
appropriately manipulating various cultural factors. Organization behaviour 
has used the studies on comparative attitudes and cross-cultural transactions. 
Environment studies conducted by the field of anthropology aims to 
understand organizational human behaviour so that acquisitions and mergers 
are smooth. 



Significance of OB 

• Managing Workplace Diversity- Work force diversity means 
that organizations are becoming more heterogeneous in terms 
of gender, which varies from the so-called norm. It includes 
women, south Indians, Bengalis, Punjabis, physically 
disabled, elderly etc. 

• Improving ethical behavior- After understanding the 
mechanism of human behaviour, managers are required to 
control and direct the behaviour so that it conforms to the 
standards required for achieving the organisational objectives. 
Thus, managers are required to control and direct the 
behaviour at all levels of individual interaction. Therefore, 
organisational behaviour helps managers in controlling and 
directing in different areas such as use of power and sanction, 
leadership, communication and building organisational climate 
favourable for better interaction. 



In defining authority, power and status of an employee- 
The behaviors can be controlled and directed by the use 
of power and sanction, which are formally defined by the 
organization. Power is referred to as the capacity of an 
individual to take certain action and may be utilized in 
many ways. Organizational behaviour explains how 
various means of power and sanction can be utilized so 
that both organizational and individual objectives are 
achieved simultaneously. 

In making communication- Communication helps people 
to come in contact with each other. To achieve 
organisational objectives, the communication must be 
effective. The communication process and its work in 
inter-personal dynamics have been evaluated by 
organisational behaviour. 



Essential to effective strategy implementation- 

Organizations, as dynamic entities are characterized by 
pervasive changes. Organizations have to adapt 
themselves to the environmental changes by making 
suitable, internal arrangements such as convincing 
employees who normally have the tendency of resisting 
any changes. 

It contains a body of theory, research and application 
associated with a growing concern for people in the workplace. Its 
study helps in understanding human behavior. The study 
of theories and research experiences of organizations 
helps managers think creatively to solve human 
problems in organizations. 

Information Technology gives power and information to 
the one who can use it best. 



The environment is changing rapidly making 
adaptation and change crucial to survival- 
organizations as closed systems isn’t a valid model. 

Improving Quality and Productivity 

In making effective organizational structure 

In making group 

In motivation 

In organizational development 



Evolution of OB 

Robert Owen-(1800) 

• Young Factory Owner-First to emphasize the 
human needs of employees and refused to utilize 
children 

• Taught workers to improve working conditions 

• Father of personnel management 

Andrew Ure-(1935) 

• The Philosophy of Manufacturers -1835 

• Value of human factor in manufacturing 

• Provided welfare facilities to workers 

• J.N. TATA in 1886 Instituted a pension fund & 1895 
began to pay accident compensation. 



William Gilbreth-(1914) 

• “The Psychology of Management” 

F.W.Taylor-(1916) 

• Father of Scientific Management 

• Time & Motion Study 

• Piece Rate Method 

Henri Fayol (1916) 

• Administrative Management, Principle of Governing 
Behavior, Management Quality 

Elton Mayo-(1920’s & 1930’s) 

• Human behavior at Harvard University 

• Hawthorne's Experiments/Plant 



Abraham H. Maslow (1954): 

• Need Hierarchy Motivation model 

Douglas McGregor (1960): 

• Theory X and Theory Y Managerial Style 

Henry Mintzberg (1960): 

• Managerial Roles : Interpersonal, Informational and 
Decision making 

Peter Drucker (1909 -2005) 

• Father of modern management 

• Importance of change 

• How to bring the best out of people 

• Innovation 

• Entrepreneurship 



Organizational behavior system 

• A set of detailed methods, procedures and routines created to 
carry out a specific activity, perform a duty, or solve a problem. 

• An organized, purposeful structure that consists of interrelated 
and interdependent elements (components, entities, factors, 
members, parts etc.). These elements continually influence one 
another (directly or indirectly) to maintain their activity and the 
existence of the system, in order to achieve the goal of the 
system. 

• All systems have (a) inputs, outputs and feedback mechanisms, 
(b) maintain an internal steady-state (called homeostasis) 
despite a changing external environment, (c) display properties 
that are different than the whole (called emergent properties) 
but are not possessed by any of the individual elements, and 
(d) have boundaries that are usually defined by the system 
observer. 



[Figure: An Organizational Behavior System] 



Basic Assumptions of OB 

OB is also based upon a few basic assumptions or fundamental 
concepts that revolve around the nature of people and the nature of 
organizations. 

i. Individual differences: Seen from the outside, one person 
looks similar to another: the same two upper limbs, two 
lower limbs, one head, one nose etc. If we go a little deeper, we can 
easily distinguish one person from another, as they 
possess not only a body but also a mind and a heart. Moreover, every 
individual thinks, feels, imagines, sees, and dreams differently. Every 
individual has different priorities, perceptions and ways of 
expression. Each one possesses unique talents, intelligences, 
personality and so on. From the very beginning of life, each person 
is unique, and individual experiences after birth make people even 
more different. As the saying goes, 'A Rose is A Rose is A Rose'; every 
individual is unique and different. OB focuses on treating people 
with right discrimination. 



ii. A whole person: A person should be accepted as a whole 
person. Simply put, an individual possesses four lives: 
personal, family, social and professional life. Sometimes, a 
person in the workplace needs to be involved in family or 
community. S/He is also involved in personal life besides 
professional, family and social life. Hence, OB treats 
a person as a whole person and focuses on developing 
him/her in terms of growth and fulfillment. 

iii. Caused (or motivated) behavior: Human beings do not 
exhibit behavior randomly; rather, the behavior is caused 
by some motive, need, want or other drive. Employee 
behavior is always directed towards a goal, and it can 
be caused by motives, belief systems, perception, 
understanding, education, experience and environment. 



iv. Human Dignity (Self-Respect of People): There are four 
dimensions of life in human beings, as mentioned earlier: Body, 
Mind, Heart and the Spirit. Regarding the employee at work, 
Body says pay me fairly, Mind says engage me creatively, Heart 
says treat me kindly and the Spirit says assign me a meaningful 
job so that I want to leave a legacy. Human dignity appeals 
for fair treatment of people. It calls for self-respect and the value of 
people. People should be properly treated and given value 
and recognition for their valued contribution. 

v. Organizations are social systems: An organization is established 
by human association. As in a social system, interrelation, 
interaction and interdependency between people continue as long as 
an organization exists. People are involved in an organization to 
fulfill their psychological needs; they perform some definite 
roles and possess status. Hence, every activity in an organization is 
governed by social laws and psychological laws. 



vi. Mutuality of interests: Organizations need people and 
people also need organizations. There is a clear give-and-take 
relationship between people and the organization. The collective 
efforts of people finally achieve the superordinate goal and 
meanwhile the organization fulfills the needs of its people. 

vii. Holistic Concept: When the above six basic assumptions of OB 
are placed together, a holistic concept emerges. This 
concept interprets people-organization relationships in 
terms of the whole person, whole group, whole 
organization, and the whole social system. It takes an 
all-encompassing view of people in organizations in an effort to 
understand as many as possible of the factors that influence 
their behavior. Issues are analyzed in terms of the situation 
affecting them rather than in terms of an isolated event or 
problem. 



Levels of OB analysis 

Organizational behavior is a misnomer. It is not the study of how 
organizations behave, but rather the study of individual behavior in an 
organizational setting. This includes the study of how individuals 
behave alone, as well as how individuals behave in groups. 

1. Individual Level of Analysis: At the individual level of analysis, 
organizational behavior involves the study of learning, perception, 
creativity, motivation, personality, turnover, task performance, 
cooperative behavior, deviant behavior, ethics, and cognition. At this 
level of analysis, organizational behavior draws heavily upon 
psychology, engineering, and medicine. 

2. Group Level of Analysis: At the group level of analysis, organizational 
behavior involves the study of group dynamics, intra- and intergroup 
conflict and cohesion, leadership, power, norms, interpersonal 
communication, networks, and roles. At this level of analysis, 
organizational behavior draws upon the sociological and 
socio-psychological sciences. 



3. Organizational Level of Analysis: At the organization level 
of analysis, organizational behavior involves the study of 
topics such as organizational culture, organizational 
structure, cultural diversity, inter-organizational cooperation 
and conflict, change, technology, and external 
environmental forces. At this level of analysis, organizational 
behavior draws upon anthropology and political science. 

Emerging Challenges in the Field of OB 

1. Managing Workforce Diversity 

2. Responding to Globalisation 

3. Improving Quality and Productivity 

4. Responding to Labour Shortage 

5. Improving Customer Service 

6. Improving People Skill 



7. Empowering People 

8. Coping with Temporariness 

9. Stimulating Innovation and Change 

10. Helping Employees Balance Work/Life Conflicts 

11. Improving Ethical Behaviour 

Workforce Diversity: Organizations are becoming 
increasingly cosmopolitan. Organization specialists must 
learn to live with diverse behaviors. Managers must 
learn to respect diversity. Diversity, if managed positively, 
enhances creativity and innovation in the organization as 
well as ensuring better decision-making by providing 
different perspectives on problems. When not managed, 
diversity leads to increased turnover, heightened 
interpersonal conflict and more strained communication. 



Changed Employee Expectation: Traditional allurements such as job 
security, attractive remuneration and housing do not attract, retain and 
motivate today’s workforce. Employees demand empowerment and 
expect equality of status with the management. Empowerment 
results in redefining jobs, both on the shop floor and in the 
boardrooms. Expectations of equality break up the traditional 
top-to-bottom relationship between employer and employee. 

Globalization: The growing internationalization of business has its impact on 
people management. Managements are required to cope with the 
problems of unfamiliar laws, languages, practices, competitors, 
attitudes and management styles, work ethics and more. To face this 
challenge the management must be flexible and pro-active. By being 
flexible and pro-active, the management can make a significant 
contribution to the company’s growth. 

• Internationalization makes managers increase their 
competencies. 

• Globalization increases the number of managers and professions. 



Improving Productivity and Quality: As organizations are exposed to 
competition, managers are seriously thinking of improving quality 
and productivity. In this context managers are implementing 
programmes like TQM (Total Quality Management) and 
Re-engineering programmes that require employee involvement. TQM 
is a philosophy of management that is inspired by constant 
attainment of customer satisfaction of all organizational processes. 
Re-engineering means radically re-building and redesigning those 
processes by which we create value for customers. 

Changing Demographics Of Workforce: Major challenges from the 
changing demographics of the workforce relate to dual-career couples, 
that is, couples where both partners are actively pursuing professional 
careers. The increase in the number of dual-career professionals limits 
individual flexibility and may hinder organizational flexibility in 
acquiring and developing talent. Another change in workforce 
demographics relates to the growing number of employees who are 
young. 



Learning Organizations: The concept of ‘learning 
organizations’ was first presented by Peter Senge. According 
to his concept, employees who are committed to an 
organization work harder and produce better results. 
That’s why he proposed that organizations should invest in 
their employees and facilitate the learning of their 
members. As a result, the organization actually 
develops and transforms itself. 

Competing with the Low-Cost Labor: Another great modern 
challenge in management is to find a way to minimize the cost 
of operations so that you can compete with the low-cost labor 
that many other countries can afford. You may or may not 
have the luxury of having labor at $1 per hour. But it is a 
fact you must understand that many other countries do 
have this option. 



